
Yyyr

#26155 of 53,632
9.8 Total CVSS
Vulnerabilities · 1
PT-2025-35251
9.8
2025-08-29
Sourcecodester · Bakeshop Online Ordering System · CVE-2025-9660
**Name of the Vulnerable Software and Affected Versions**

SourceCodester Bakeshop Online Ordering System version 1.0

**Description**

A SQL injection issue exists in the /passwordrecover.php file due to manipulation of the `phonenumber` argument. This issue is remotely exploitable. The exploit has been made public.

**Recommendations**

As a temporary workaround, consider restricting access to the /passwordrecover.php file until a fix is available. Sanitize the `phonenumber` input to prevent SQL injection attacks.