Alguest 1.1c-patched SQL Injection

`New eVuln Advisory:  
SQL Injection vulnerability in Alguest  
Summary: http://evuln.com/vulns/154/summary.html   
Details: http://evuln.com/vulns/154/description.html   
  
-----------Summary-----------  
eVuln ID: EV0154  
Software: Alguest  
Vendor: n/a  
Version: 1.1c-patched  
Critical Level: medium  
Type: SQL Injection  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
--------Description--------  
It is possible to inject arbitrary SQL query using "start" parameter in index.php script.  
Parameter "start" is used in SQL query without any sanitation.  
--------PoC/Exploit--------  
SQL Injection Example  
  
Vulnerable code: $query = @mysql_query("SELECT * FROM $tabella order by id asc limit $start,$rec_pagina");  
  
SQL Injection PoC: http://website/alguest/index.php?start='  
---------Solution----------  
Not available  
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
http://evuln.com/tool/web-security.html - HTTP query generator  
`