sql injection in username #1
Description
when a client creates a user or logs in,
the string is simply concatenated to a premade query, without protection for sqli.
a payload such as:
" OR 1=1--
would allow any user to connect.
I firmly advise you to fix this vulnerability.