Vulnerability Details:

Product: Society Management System
Vendor: https://itsourcecode.com/free-projects/php-project/society-management-system-project-in-php-free-download/
Vulnerable File: /admin/delete_activity.php
Version: V1.0
Vulnerability Type: SQL Injection

Root Cause: Insufficient validation of user input in the 'activity_id' parameter allows malicious SQL code to be injected.

Impact: Unauthorized database access, sensitive data leakage, data tampering, and service interruption.

Description: Critical SQL injection vulnerability in /admin/delete_activity.php. The 'activity_id' parameter is used without proper validation or sanitization, which allows attackers to inject malicious SQL queries.

POC:
- Parameter: activity_id (GET)
- Payload: activity_id=2' RLIKE (SELECT (CASE WHEN (3804=3804) THEN 2 ELSE 0x28 END))-- AiDD
- Payload: activity_id=2' AND 6596=BENCHMARK(5000000,MD5(0x4f724952))-- spQb

Suggested Repair:
1. Use prepared statements and parameter binding.
2. Implement input validation and filtering.
3. Minimize database user permissions.
4. Conduct regular security audits.
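Repair steps 1 and 2 applied to a delete-by-id handler, as an added example that is not the project's own code. The function name `delete_activity`, the table `activity` and its columns are assumptions (the report does not show the vulnerable source), and an in-memory SQLite database with constructed rows stands in for the application's MySQL database so the block runs offline.

```php
<?php
// Added example, not the project's code. Table and column names are assumed.
declare(strict_types=1);

/**
 * Delete one activity by id and return the number of rows removed.
 * Throws InvalidArgumentException when the id is not a positive integer.
 */
function delete_activity(PDO $db, string $rawId): int
{
    // Repair step 2: accept only a positive integer, reject everything else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('activity_id must be a positive integer');
    }
    // Repair step 1: the value is bound as a parameter, never concatenated into SQL.
    $stmt = $db->prepare('DELETE FROM activity WHERE activity_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data. With MySQL, change the DSN and also set
// PDO::ATTR_EMULATE_PREPARES => false so binding happens server-side.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE activity (activity_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO activity (title) VALUES ('a'), ('b'), ('c')");

// Inputs: one legitimate id, then the two activity_id values from the POC above.
$inputs = [
    '2',
    "2' RLIKE (SELECT (CASE WHEN (3804=3804) THEN 2 ELSE 0x28 END))-- AiDD",
    "2' AND 6596=BENCHMARK(5000000,MD5(0x4f724952))-- spQb",
];
foreach ($inputs as $in) {
    try {
        printf("%-12.12s deleted %d row(s)\n", $in, delete_activity($db, $in));
    } catch (InvalidArgumentException $e) {
        printf("%-12.12s rejected: %s\n", $in, $e->getMessage());
    }
}
$remaining = (int) $db->query('SELECT COUNT(*) FROM activity')->fetchColumn();
echo "rows remaining: $remaining\n";
```

For repair step 3, the database account used by the application should hold only the privileges the application's queries need on its own schema.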