Security Advisory
CVE-2010-1046
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters.