SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass fields.
https://exchange.xforce.ibmcloud.com/vulnerabilities/29855
http://www.securityfocus.com/bid/20770
http://www.securityfocus.com/archive/1/449905/100/0/threaded