CVE-2014-8728
Subex ROC Fraud Management (aka Fraud Management System/FMS) suffers an SQL injection in the login page (login/login) accessible on Subex ROC FMS 7.4 and earlier. The vulnerability stems from how the POST parameter ranger_user[name] is handled, enabling an attacker to submit arbitrary SQL command...