sql injection vulnerabilities and exploits