CVE-2017-15974

tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.