Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
single theater booking script project single theater booking script 3.2.1