WSN Guest 1.24 SQL Injection

`www.eVuln.com advisory:  
"wsnuser" Cookie SQL Injection vulnerability in WSN Guest  
  
-----------Summary-----------  
http://evuln.com/vulns/174/summary.html   
  
eVuln ID: EV0174  
Software: WSN Guest  
Vendor: n/a  
Version: 1.24  
Critical Level: medium  
Type: SQL Injection  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
  
--------Description--------  
http://evuln.com/vulns/174/description.html   
  
SQL Injection in "wsnuser" Cookie  
It is possible to inject arbitrary SQL query using "wsnuser" cookie parameter in the "index.php" script.  
Parameter "wsnuser" is used in SQL query without proper sanitation.  
  
--------PoC/Exploit--------  
PoC code is available at:  
http://evuln.com/vulns/174/exploit.html   
  
Cookie SQL Injection Example  
  
Cookie SQL Injection PoC. HTTP query:  
GET /wsnguest/index.php?debug=1 HTTP/1.0  
Host: website  
Cookie: wsnuser=[SQL Injection]  
  
  
  
---------Solution----------  
Not available  
  
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
http://evuln.com/penetration-test.html - website manual penetration testing  
`