CVE-2010-1046 Information

Description

Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters.

Reference

http://osvdb.org/62162 http://secunia.com/advisories/38440 http://www.exploit-db.com/exploits/11356 http://www.vupen.com/english/advisories/2010/0318