Tag
SourceCodester SUP Online Shopping 1.0 is vulnerable to SQL injection via the msgid parameter in /admin/replymsg.php, allowing remote attackers to execute arbitrary SQL commands.