Pasal - Departmental Store Management System v1.2 - SQL Injection

# SQL Injection/Exploit : # Login as regular user # http://localhost/[PATH]/module.php?module=vendors&page=edit-vendors&id=[SQL] # http://localhost/[PATH]/module.php?module=units&page=edit-units&id=[SQL] # http://localhost/[PATH]/module.php?module=currency&page=edit-currency&id=[SQL] # http://localhost/[PATH]/module.php?module=category&page=edit-category&id=[SQL] # http://localhost/[PATH]/module.php?module=purchase&y=[SQL]&m=[SQL] # tbl_users:id # tbl_users:username # tbl_users:password # tbl_users:email # tbl_users:full_name # tbl_users:permission