Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.
Multiple SQL injection
Exploit
CVE-2014-9613
NVD
Refer to CVE-2014-9613 NVD advisory