SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field.Referenceshttp://bugs.elvinbts.org/show_bug.php?id=49http://secunia.com/advisories/35430
