Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. Successful exploitation requires "magic_quotes_gpc" to be disabled.
Publication date: Sat, 01 Apr 2006 06:04:00 +0000