Key Information Affected Product Movie Ticketing System Vulnerable File ticketConfirmation.php Affected Version V1.0 Vulnerability Type SQL Injection Root Cause In the file, user input for the parameter is directly used in SQL queries without proper sanitization or validation, leading to an SQL injection vulnerability. Impact Attackers can exploit this vulnerability to gain unauthorized access to the database, leak sensitive data, tamper with data, or disrupt system control, posing a threat to system security and business continuity. Description Due to insufficient user input validation in the project when handling the parameter, attackers can inject malicious SQL queries, thereby gaining unauthorized access to the database, modifying or deleting data, and accessing sensitive information. Authentication Requirement Exploiting this vulnerability requires prior authentication to the backend system to obtain a valid PHPSESSID. Vulnerability Details and POC Vulnerable Parameter: Payload Example: Recommended Remediation Measures 1. Use prepared statements and parameter binding. 2. Implement input validation and filtering. 3. Minimize database user privileges. 4. Conduct regular security audits.