Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote malicious users to execute arbitrary SQL commands via the (1) login or (2) pass parameter.
pl-php pl-php