XOOPS Glossaire Module 'glossaire-aff.php' SQL Injection Vulnerability

Summary
This host is installed with XOOPS module Glossaire and is prone to sql injection vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary SQL commands in applications database and gain complete control over the vulnerable web application. Impact Level: Application
Solution
No solution or patch is available as of 30th January, 2015. Information regarding this issue will updated once the solution details are available. For updates refer to http://www.xoops.org
Insight
The flaw is due to insufficient validation of 'lettre' HTTP GET parameter passed to 'glossaire-aff.php' script.
Affected
Glossaire Module version 1.0 for XOOPS
Detection
Send a crafted data via HTTP GET request and check whether it is possible to execute sql query.
References