SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows malicious user to execute arbitrary SQL commands via "searchdata" parameter.