SQL Injection Vulnerability in WTCMS 1.0

Description

Vulnerability: SQL Injection
Location: in the function.
Cause: Improper neutralization of special elements used in an SQL command ( parameter).
Impact: Allows unauthenticated remote attackers to execute arbitrary SQL commands on the underlying database.

Affected Code

Proof of Concept (PoC)

1. URL:
2. Payload:

Reproduction Process

1. Login.
2. Add item.
3. Modify or delete request to trigger the SQL injection vulnerability.