Harry Osborn is a security risk analyst for insurance company. He is currently examining a scenario where a hacker might use an SQL injection attack to the face of web server due to a missing Patch in the company's web application. In this scenario, what is the vulnerability?