Empire CMS(EmpireCMS)commodity rate plugin injection vulnerability-vulnerability warning-the black bar safety net

Since the parameters of the variables not to initialize the detection result pf\rate.php and pf\ratemovie.php in the variable $id exists injection risk. $id = $GET"id"; $query = "SELECT infopfen,infopfennum FROM phomeecmsshop WHERE id=$id"; $result = mysqlquery$query; $v = $GET"v"; $id =$GET"id";...