The vulnerability of the processlogin.php implementation in the ERP system allows a perpetrator to execute arbitrary code.

The vulnerability of the processlogin.php implementation in the ERP system is related to the lack of measures taken to protect the SQL query structure during the processing of the user argument. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

CVE-2009-0412

The ProcessLogin function in class.auth.php in Interspire Shopping Cart ISC 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt...