Reproduction process: on the back-end login page, 'http(s)://yourdomain/fladmin/login.php', enter the payload ['or 1) #] in the account field together with any password; you are logged in directly to the webmaster page.
Cause: lines 13 and 14 of the file 'fladmin/login.php' receive the POST parameters without any filtering, and line 16 concatenates them into the WHERE clause, resulting in SQL injection.
Repair suggestion: intercept SQL injection attempts in the GET and POST parameters before they reach the program, or escape the parameters, or use preprocessed (prepared) statements for the program's SQL.
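
A sketch of the prepared-statement fix, as an added example that is not the project's code: the table and column names, the 64-character limit and the helper names `make_demo_db` and `login` are assumptions, and an in-memory SQLite database with a constructed account stands in for the real one.

```php
<?php
declare(strict_types=1);
// Added example; schema and function names are hypothetical.
// With MySQL, use a mysql: DSN and set PDO::ATTR_EMULATE_PREPARES to false.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admin_user (id INTEGER PRIMARY KEY, account TEXT UNIQUE, pwd_hash TEXT)');
    // Constructed sample account.
    $ins = $pdo->prepare('INSERT INTO admin_user (account, pwd_hash) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

function login(PDO $pdo, $account, $password): bool
{
    // Reject arrays (account[]=x) and oversized input before touching the database.
    if (!is_string($account) || !is_string($password) || strlen($account) > 64) {
        return false;
    }
    // The value is bound as data: quotes, parentheses and '#' cannot change the WHERE clause.
    $stmt = $pdo->prepare('SELECT pwd_hash FROM admin_user WHERE account = :account LIMIT 1');
    $stmt->execute([':account' => $account]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password is verified in PHP, so a matching row alone never grants a session.
    return $row !== false && password_verify($password, $row['pwd_hash']);
}

$pdo = make_demo_db();
var_dump(login($pdo, "'or 1) #", 'anything'));    // payload from the report, treated as a literal account name
var_dump(login($pdo, 'admin', 'wrong'));          // known account, wrong password
var_dump(login($pdo, 'admin', 'correct horse'));  // valid credentials
```

Because the account value never becomes part of the SQL text, the reported payload is looked up as an ordinary account name that does not exist.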