OrderSys 'where_clause' Parameter Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/ordersys/ordering/interface_creator/index.php?table_name=vendor&function=search&where_clause=[SQL INJECTION]&page=0&order=Address&order_type=ASC
http://www.example.com/ordersys/ordering/interface_creator/index_long.php?table_name=vendor&function=search&where_clause=[SQL INJECTION]&page=0&order=Address&order_type=ASC
http://www.example.com/ordersys/ordering/interface_creator/index_short.php?table_name=vendor&function=search&where_clause=[SQL INJECTION]&page=0&order=Address&order_type=ASC
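
One way to close this class of issue is to stop accepting SQL text in `where_clause` at all and build the query server-side from allow-listed identifiers and bound values. The sketch below is an added example, not OrderSys code: Python and `sqlite3` stand in for the application's own language and database, and the function names, the structured `filters` input, and every column other than `Address` are assumptions.

```python
import sqlite3

# Assumed schema: only "vendor" and "Address" appear on the page; the rest is constructed.
ALLOWED = {"vendor": {"Name", "Address", "Phone"}}
ORDER_TYPES = {"ASC", "DESC"}
PAGE_SIZE = 20


def build_search(table_name, filters, order, order_type, page):
    """Return (sql, params); raise ValueError for anything off the allow-list.

    `filters` (column -> search text) replaces the raw where_clause
    parameter, so the client never supplies SQL text.
    """
    columns = ALLOWED.get(table_name)
    if columns is None:
        raise ValueError("unknown table")
    if order not in columns or order_type.upper() not in ORDER_TYPES:
        raise ValueError("bad ordering")
    if not isinstance(page, int) or page < 0:
        raise ValueError("bad page")
    if set(filters) - columns:
        raise ValueError("unknown filter column")
    # Identifiers come only from the allow-list; values are bound, never spliced.
    cols = sorted(filters)
    where = " AND ".join(f'"{c}" LIKE ?' for c in cols) or "1=1"
    params = [f"%{filters[c]}%" for c in cols]
    sql = (f'SELECT * FROM "{table_name}" WHERE {where} '
           f'ORDER BY "{order}" {order_type.upper()} LIMIT ? OFFSET ?')
    return sql, params + [PAGE_SIZE, page * PAGE_SIZE]


def demo_db():
    """Constructed in-memory data for the example."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE vendor ("Name" TEXT, "Address" TEXT, "Phone" TEXT)')
    db.executemany("INSERT INTO vendor VALUES (?, ?, ?)", [
        ("Acme", "1 Main St", "555-0100"),
        ("Bolt", "9 Side Rd", "555-0101"),
    ])
    return db


def search(db, table_name, filters, order="Address", order_type="ASC", page=0):
    sql, params = build_search(table_name, filters, order, order_type, page)
    return db.execute(sql, params).fetchall()


if __name__ == "__main__":
    print(search(demo_db(), "vendor", {"Address": "Main"}))
```

Search text still acts as a `LIKE` pattern, so `%` and `_` in user input behave as wildcards; escape them if exact substring matching is required.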


 

Copyright 2010, SecurityFocus