CVE-2008-5589
CVE-2008-5589 describes an SQL injection in processlogin.asp of Katy Whitton RankEm, exploitable via the txtusername or txtpassword fields to execute arbitrary SQL remotely. The root cause is improper input handling allowing concatenation into SQL queries, leading to potential data disclosure or ...