PortailPHP ID Parameter SQL Injection Vulnerability

No exploit is required.

Proof of concept example URIs have been provided:
http://www.example.com/index.php?affiche=News&id='[SQL inj]
http://www.example.com/index.php?affiche=File&id='[SQL inj]
http://www.example.com/index.php?affiche=Liens&id='[SQL inj]
http://www.example.com/index.php?affiche=Faq&id='[SQL inj]
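
For defenders reviewing web server logs, the following added example (not part of the original advisory or of PortailPHP) flags requests to `index.php` whose `affiche` value is one of the four modules listed above and whose `id` contains a single quote after repeated percent-decoding. The log format (Apache/nginx combined), the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Modules named in the advisory's proof-of-concept URIs (compared case-insensitively).
AFFECTED_MODULES = {"news", "file", "liens", "faq"}
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses are from a documentation range.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?affiche=News&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?affiche=Faq&id=%27 HTTP/1.1" 200 310',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?affiche=Liens&id=%2527 HTTP/1.1" 200 310',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?affiche=Other&id=%27 HTTP/1.1" 200 310',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded quotes (%2527) are revealed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_id(target):
    """Return the decoded id if the request matches the advisory's pattern, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/index.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    modules = {m.lower() for m in params.get("affiche", [])}
    if not modules & AFFECTED_MODULES:
        return None
    for raw in params.get("id", []):
        value = decode_fully(raw)
        if "'" in value:
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_id) for every matching log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        value = suspicious_id(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: quote in id parameter: {value!r}")
```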

Alberto Trivero <trivero@jumpy.it> has supplied the following exploit:


 

Copyright 2010, SecurityFocus