Product
Gate Pass Management System 2.1 is vulnerable to SQL injection via the login-exec.php endpoint, allowing unauthenticated attackers to bypass authentication and gain unauthorized access to the application by injecting SQL code in the login and password parameters.