Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.