SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.Referenceshttp://www.securityfocus.com/bid/52156https://exchange.xforce.ibmcloud.com/vulnerabilities/73471http://packetstormsecurity.org/files/110166/The-Uploader-2.0.4-Eng-Ita-Remote-File-Upload.htmlhttp://osvdb.org/79508http://secunia.com/advisories/48141http://sourceforge.net/p/theuploader/news/2011/07/the-uploader-205-releasedhttp://www.exploit-db.com/exploits/18518
