PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
GHSA-9cpm-2q59-cph3: PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint....
PHPGurukul Billing System 1.0 has an SQL Injection vulnerability in the admin/index.php endpoint due to unvalidated user input in the username parameter.