CVE-2012-2105

Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

Date published : 2012-09-19

http://www.securityfocus.com/bid/52270

http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html