SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. NOTE: some of these details are obtained from third party information.
Gentoo Linux Security Advisory GLSA 200901-08 - Multiple vulnerabilities have been reported in Online-Bookmarks. Versions less than 0.6.28 are affected.