SQL injection vulnerability in Ruslan <Body>Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password.