h3Cloud Sql injection vulnerability

h3Cloud Sql injection vulnerability
This is a well-known SQL injection storage device that does not require any permissions.

payload:
/ear/grid_event?_search=false&nd=1537411611171&rows=10&page=1&sidx=id&sord=desc
This is a url that everyone can access.

Take a look at my test

It is a mysql database;And it is root privilege