Public CVE-2008-5953 disclosure

SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action...