SQL injection vulnerability in loginscript.php in e-ticketing allows remote malicious users to execute arbitrary SQL commands via the password parameter.
'e-ticketing' SQL Injection (CVE-2012-1673)
Mark Stanislav - markstanislav@gmailcom
I DESCRIPTION
---------------------------------------
A vulnerability exists in loginscriptphp that allows for SQL injection of the 'user_name' and 'password' POST parameters
II TESTED VERSION
---------------------------------------
Released on 2011-11-30 ...