CVE-2006-0135

SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable).

Date published : 2006-01-09

http://www.securityfocus.com/bid/16161

http://www.securityfocus.com/archive/1/421039/100/0/threaded