The Himalayan Times

We just found that http://www.thehimalayantimes.com is vulnarable to SQL injection.
In the DB of the site are stored 20 000+ emails,passwords, first and second name and addresses.The passwords are in clear text.