SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.