Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664.
OcoMon contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to unspecified scripts not properly sanitizing user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the back-end database. No further details have been provided.
Upgrade to version 1.21 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
However, even with the upgrade to 1.21, Secunia Research has found that SQL injection still exists in the logon page when "magic_quotes_gpc" is disabled.