SIPhone Enterprise PBX suffers from a remote SQL injection vulnerability that allows for authentication bypass.