Sql injection in jPortal version 2.3.1 (module download)

Versions: all from 2.2.1 to 2.3.1+Service Pack+shop jportalI check this bug only on one site SQL injection attack if magicquotesqpc=Off Problem is in file serching engine download.php, witch code is in “module/down.inc.php” file: code if$cat=='all' $q = "AND title LIKE '$word'"; else $q = "AND...