CVE-2017-17638

Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.