SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a differe