SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/29683
http://www.vupen.com/english/advisories/2006/4130
http://www.securityfocus.com/archive/1/449227/100/0/threaded