SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.