CVE-2006-7144 Information

Description

SQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0217.html http://secunia.com/advisories/22365 http://securityreason.com/securityalert/2389 http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt http://www.securityfocus.com/archive/1/448423/100/0/threaded http://www.securityfocus.com/bid/20474