tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
datacomponents tpanel 2009