SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26364
http://www.vupen.com/english/advisories/2006/1768
http://www.securityfocus.com/bid/17923
http://securitytracker.com/id?1016053