Key Information

Vulnerability Overview

Vulnerability Type: SQL Injection
Affected Product: itsourcecode Event Management System V1.0
Vulnerable File: /admin/manage_user.php

Root Cause

SQL Injection vulnerability exists in the file, where malicious code can be injected via the parameter. The application does not properly validate or sanitize the input of the parameter before using it in SQL queries.

Impact

Attackers may bypass authentication, execute malicious SQL queries, leading to database access, data leakage, data tampering, system compromise, and service disruption.

Vulnerable Location

parameter (GET)

POC

No Authentication Required

Exploiting this vulnerability does not require authentication or prior access to the system.

Recommended Remediation

1. Use prepared statements with parameter binding.
2. Implement input validation and sanitization.
3. Minimize database user privileges.
4. Conduct regular security audits.
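
Remediations 1 and 2 sketched in PHP, as an added example that is not code from the affected product. It uses PDO with a constructed in-memory SQLite table so it runs offline; the schema, the function names, and `$raw` (standing in for the GET parameter, which the advisory does not name) are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed demo data; the real application's schema is not in the advisory.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, username TEXT)');
    $db->exec("INSERT INTO users VALUES (1, 'Admin', 'admin'), (2, 'Pat O''Brien', 'o''brien')");
    return $db;
}

// Remediation 2: accept only a positive integer; anything else is rejected
// before any query is built.
function parse_user_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Remediation 1: the value is bound as a typed parameter, never concatenated
// into the SQL text.
function find_user_by_id(PDO $db, mixed $raw): ?array
{
    $id = parse_user_id($raw);
    if ($id === null) {
        return null; // caller should answer with HTTP 400
    }
    $stmt = $db->prepare('SELECT id, name, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Free-text input cannot be range-checked, so binding alone has to keep quote
// characters inside the value instead of letting them end the SQL string.
function find_user_by_username(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, name, username FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = make_demo_db();
var_dump(find_user_by_id($db, '2'));                // well-formed id: row found
var_dump(find_user_by_id($db, '2 trailing text'));  // fails validation: no query runs
var_dump(find_user_by_username($db, "o'brien"));    // quote is matched as data
```

With MySQL the same pattern applies through PDO's mysql driver or mysqli's `prepare()` and `bind_param()`.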