Web Based TimeSheet Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.