News Portal Project is an open source news portal project. news Portal Project has a SQL injection vulnerability in version 3.1, which stems from the lack of validation of external input for the category, subcategory, sucatdescription, username parameters of the application. SQL statement validation. An attacker could use the vulnerability to execute illegal SQL commands to steal sensitive database data.