# Description: phptpoint Pharmacy Management System SQL injection suffers from a SQL injection
# vulnerability that allows an attacker to bypass the login page and authenticate
# as admin or any other user.
# Vulnerable Code:
4 $username=$_POST['username'];
5 $password=$_POST['password'];
6 $position=$_POST['position'];
7 switch($position){
8 case 'Admin':
9 $result=mysql_query("SELECT admin_id, username FROM admin WHERE username='$username' AND password='$password'");
10 $row=mysql_fetch_array($result);