PostNuke Modules Factory Subjects Module SQL Injection Vulnerability

info
discussion
exploit
solution
references

PostNuke Modules Factory Subjects Module SQL Injection Vulnerability

No exploit is required to leverage this issue. The following proof of concepts have been provided:

http://www.example.com/index.php?module=subjects&func=listpages&subid=[SQL]
http://www.example.com/index.php?module=subjects&func=viewpage&pageid=[SQL]
http://www.example.com/index.php?module=subjects&func=listcat&catid=[SQL]