CVE-2011-2944 Information

Description

SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Reference

http://osvdb.org/79508 http://packetstormsecurity.org/files/110166/The-Uploader-2.0.4-Eng-Ita-Remote-File-Upload.html http://secunia.com/advisories/48141 http://sourceforge.net/p/theuploader/news/2011/07/the-uploader-205-released http://www.exploit-db.com/exploits/18518 http://www.securityfocus.com/bid/52156 https://exchange.xforce.ibmcloud.com/vulnerabilities/73471