SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information.
https://exchange.xforce.ibmcloud.com/vulnerabilities/42817
https://exchange.xforce.ibmcloud.com/vulnerabilities/42795
http://www.securityfocus.com/archive/1/492914/100/0/threaded