Unknown · Puneethreddyhc Event Management · CVE-2025-65354
**Name of the Vulnerable Software and Affected Versions**
PuneethReddyHC event-management version 1.0
**Description**
Improper input handling in the `/Grocery/search products itname.php` file allows SQL injection via the `sitem name` POST parameter. Crafted payloads can alter query logic and disclose database contents, potentially leading to exposure of sensitive data and compromise of the backend.
**Recommendations**
For PuneethReddyHC event-management version 1.0, sanitize or validate the `sitem name` POST parameter to prevent SQL injection attacks. As a temporary workaround, restrict access to the `/Grocery/search products itname.php` file until a proper fix is implemented.
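One way to apply the recommendation above, as an added example that is not the project's code: a PHP handler that validates the search term and passes it to MySQL through a prepared statement, with LIKE wildcards escaped. The table, column, database and account names are assumptions. PHP converts spaces in incoming field names to underscores, so the example reads the parameter as `$_POST['sitem_name']`.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Table, column, database and
// account names below are hypothetical placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Accept only a bounded, printable string; reject arrays and control bytes.
function validate_search_term(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $term = trim($raw);
    if ($term === '' || strlen($term) > 64 || preg_match('/[\x00-\x1F\x7F]/', $term)) {
        return null;
    }
    return $term;
}

// Escape LIKE metacharacters with '!' so the input matches literally.
function like_pattern(string $term): string
{
    return '%' . preg_replace('/[!%_]/', '!$0', $term) . '%';
}

function search_items(mysqli $db, string $term): array
{
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare(
        "SELECT id, name, price FROM items WHERE name LIKE ? ESCAPE '!' LIMIT 50"
    );
    $pattern = like_pattern($term);
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

$term = validate_search_term($_POST['sitem_name'] ?? null);
if ($term === null) {
    http_response_code(400);
    exit('Invalid search term');
}
// Least-privilege account: SELECT only on the searched table (assumed setup).
$db = new mysqli('localhost', 'app_readonly', getenv('DB_PASS') ?: '', 'eventdb');
$db->set_charset('utf8mb4');
header('Content-Type: application/json');
echo json_encode(search_items($db, $term));
```

Validation alone is a secondary control here; the bound parameter is what stops the input from changing the query structure.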