SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local malicious user to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component.