🛒 sekumart deals so good it should be illegal
security level: low medium high impossible

Source: category (security level: low)

Flip the security level in the header to compare the vulnerable and fixed code paths.

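<?php // LOW: raw numeric concatenation
// $_GET['cat'] is appended to the SQL text unquoted and unvalidated (the vulnerable path).
$q = "SELECT id,name,price FROM products WHERE cat = " . $_GET['cat'] . " ORDER BY id";
$res = @mysqli_query(db(), $q); // @ suppresses PHP warnings from a failed query
$rows = array();
if ($res) {
    while ($r = mysqli_fetch_assoc($res)) $rows[] = $r;
} else {
    $rows_error = mysqli_error(db()); // raw driver error text is stored in $rows_error
}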
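
For comparison with the low-level path above, one way a fixed version of the same query could look. This is an added example, not sekumart's own code for any security level; it assumes `db()` is the page's helper returning an open mysqli connection, and `parse_cat()` and `products_in_category()` are hypothetical names.

```php
<?php
// Added example, not sekumart's code. Assumes db() returns an open mysqli
// connection (as its use on the page suggests) and that mysqlnd is available.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions instead of @

// Hypothetical helper: return the category id as an int, or null if the
// parameter is missing, an array (?cat[]=...), or not a plain integer.
function parse_cat($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $cat = filter_var($raw, FILTER_VALIDATE_INT);
    return $cat === false ? null : $cat;
}

// Hypothetical helper: same query as the page, with the value bound instead
// of concatenated, so it can never become part of the SQL text.
function products_in_category(mysqli $db, int $cat): array
{
    $stmt = mysqli_prepare($db, "SELECT id,name,price FROM products WHERE cat = ? ORDER BY id");
    mysqli_stmt_bind_param($stmt, "i", $cat); // "i" = bind as integer
    mysqli_stmt_execute($stmt);
    $rows = mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC);
    mysqli_stmt_close($stmt);
    return $rows;
}

$rows = array();
$rows_error = null;
$cat = parse_cat($_GET['cat'] ?? null);
if ($cat === null) {
    http_response_code(400);
    $rows_error = 'invalid category';
} else {
    try {
        $rows = products_in_category(db(), $cat);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());  // driver detail goes to the server log
        $rows_error = 'query failed'; // generic text instead of mysqli_error()
    }
}
```

The integer check and the bound parameter are independent controls: either one alone stops the concatenation issue in this query, and keeping both means a later edit to one does not reopen it.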