CVE-2012-1026 Information

Description

Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-02/0068.html http://sourceforge.net/tracker/?func=detail&aid=3488241&group_id=298778&atid=1260461 http://www.exploit-db.com/exploits/18467 http://www.securityfocus.com/bid/51870 https://exchange.xforce.ibmcloud.com/vulnerabilities/73000