SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.Referenceshttp://www.securityfocus.com/bid/32114https://exchange.xforce.ibmcloud.com/vulnerabilities/46342http://secunia.com/advisories/32502https://www.exploit-db.com/exploits/6987
