Monster-Dz

**Name of the Vulnerable Software and Affected Versions** MyMsg version 1.0.3 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `uid` parameter in a "show action" within the Profile.php file. **Recommendations** For MyMsg version 1.0.3, consider restricting access to the `uid` parameter in the affected API endpoint until a patch is available. As a temporary workaround, avoid using the `uid` parameter in the "show action" to minimize the risk of exploitation.