Sql injection

Multiple SQL injection vulnerabilities in index.php in Eicra Car Rental-Script, when the pluginid parameter is 4, allow remote attackers to execute arbitrary SQL commands via the 1 users username and 2 passwords parameters...