Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. Online Sports Complex Booking System version 1.0 is vulnerable to a SQL injection vulnerability that originates in scbs/classes/ Master.php?f=delete_category, the id parameter of the post request lacks validation for external input SQL statements, which can be exploited to execute illegal SQL commands to steal sensitive database data.