SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.
https://www.exploit-db.com/exploits/6987
https://exchange.xforce.ibmcloud.com/vulnerabilities/46342