SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/73471
http://sourceforge.net/p/theuploader/news/2011/07/the-uploader-205-released