SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
https://exchange.xforce.ibmcloud.com/vulnerabilities/57092
http://www.securityfocus.com/bid/38881