Key Information Vulnerability Description Vulnerability Type: SQL Injection (SQLi) Affected System: Life Insurance Management System v1.0 Affected File: /insertNominee.php Parameter: client_id Vendor Information Vendor: projectworlds Software Link: Life Insurance Management System in PHP Version Version: V1.0 POC (Proof of Concept) Command: HTTP Request Example: Parameter Details Parameter: client_id (POST) Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: