From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Title**: - **SourceCodester Simple Invoice Generator System 1.0 SQL Injection** 2. **Affected URL/Endpoint**: - `/php-invoice/save_invoice.php` 3. **Vulnerable Parameters**: - `invoice_code` - `customer` - `cashier` - `total_amount` - `discount_percentage` - `discount_amount` - `tendered_amount` 4. **Risk Level**: - High (allows malicious users to execute arbitrary SQL queries) 5. **Reproduction Steps**: 1. Log in as any cashier. 2. Fill out the form and click "Add Item". 3. Click "Save and Generate Printable Invoice". 4. Intercept the "save_invoice" request using a proxy such as Burp Suite. 5. Inject payload to trigger SQL injection. 6. **Parameter Type**: - `cashier` (POST) - Type: Boolean-based blind injection - Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) - Payload: `cashier=1' AND EXTRACTVALUE(9612,CASE WHEN (9612=9612) THEN 9612 ELSE 0x3A END)--` - Type: Error-based blind injection - Title: MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET) This information provides a detailed description of the vulnerability's nature, affected system and parameters, reproduction steps, and parameter types along with payloads.