CVE-2009-4870
CVE-2009-4870 affects PHPCityPortal's login.php; SQL injection via the req_username and req_password parameters allows remote execution of arbitrary SQL commands. Underlying issue is improper input handling in the login logic. CVSS indicates a HIGH impact with partial confidentiality, integrity, ...