SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. Successful exploitation of this vulnerability requires that "register_globals" is enabled.
Publication date: Wed, 04 Jul 2007 21:30:00 +0000