Wedding Management System v1.0 contains a SQL injection vulnerability in /Wedding-Management/admin/ budget.php?booking_id=The page lacks validation for external input SQL statements, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data.