Ushahidi 2.0.1 SQL Injection

`  
Ushahidi 2.0.1 (range param) SQL Injection Vulnerability (post-auth)  
  
  
Vendor: Ushahidi, Inc.  
Product web page: http://www.ushahidi.com  
Affected version: 2.0.1 (Tunis)  
  
Summary: The Ushahidi Platform is a platform for information  
collection, visualization and interactive mapping.  
  
Desc: Input passed via the 'range' parameter to dashboard.php is  
not properly sanitised in application/controllers/admin/dashboard.php  
before being used in SQL queries. This can be exploited to manipulate  
SQL queries by injecting arbitrary SQL code.  
  
  
-------------------------------------------------------  
\application\controllers\admin\dashboard.php  
  
  
Lines: 103-112:  
-------------------------------------------------------  
// Set the date range (how many days in the past from today?)  
// default to one year  
$range = (isset($_GET['range'])) ? $_GET['range'] : 365;  
  
if(isset($_GET['range']) AND $_GET['range'] == 0)  
{  
$range = NULL;  
}  
  
$this->template->content->range = $range;  
-------------------------------------------------------  
  
  
Tested on: Tested on: Microsoft Windows XP Professional SP3 (EN)  
Apache 2.2.14 (Win32)  
PHP 5.3.1  
MySQL 5.1.41  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
liquidworm gmail com  
  
  
Advisory ID: ZSL-2011-5016  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5016.php  
  
Vendor Advisory: http://dev.ushahidi.com/issues/show/2195  
  
  
25.05.2011  
  
  
----  
  
PoC:  
  
- http://192.168.16.100/index.php/admin/dashboard/?range=1[SQLi]  
`