SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username.