The login form fails to properly sanitize user-supplied input before using it in SQL queries. By injecting crafted SQL payloads into the username or password field, an attacker can bypass authentication and extract sensitive data from the database.
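The flawed pattern described above, next to a parameterized form, as an added example that is not the affected application's code. The `users` table, its columns, the PBKDF2 password hashing and the sample account are assumptions made for the demonstration. The probe is a harmless username containing a single quote.

```python
import hashlib
import hmac
import os
import sqlite3

def _hash(password, salt):
    # Assumed storage scheme for this example: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed in-memory database holding one sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, _hash("correct horse", salt)))
    return db

def _check(row, password):
    # Constant-time comparison of the derived hash with the stored one.
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(_hash(password, salt), stored)

def login_concatenated(db, username, password):
    """Flawed pattern: user input is pasted into the SQL text."""
    query = "SELECT salt, pw_hash FROM users WHERE username = '" + username + "'"
    return _check(db.execute(query).fetchone(), password)

def login_parameterized(db, username, password):
    """Hardened: the driver binds the value, so it is never parsed as SQL."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    return _check(row, password)

def input_reaches_parser(login, db, probe="o'brien"):
    """True if a lone quote in the username alters the statement's syntax."""
    try:
        login(db, probe, "x")
    except sqlite3.OperationalError:
        return True
    return False
```

A syntax error triggered by the quote shows that input is being interpreted as SQL. The parameterized version returns a normal failed login for the same input.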
Steps to Reproduce:
1. Navigate to the Login page.
2. In the username field, input the following payload: