Etere EtereWeb prior to 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.
etere etereweb