SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.