EC-Council
312-92 · Question #101
312-92 Question #101: Real Exam Question with Answer & Explanation
The correct answer is A. SQL injection. See the full explanation below for the reasoning.
Question
Lori is creating a login page using Java on one of her websites with the following code. What vulnerability or issue is the code susceptible to?

```java
conn = pool.getConnection();
String sql = "select * from user where username='" + username + "' and password='" + password + "'";
stmt = conn.createStatement();
rs = stmt.executeQuery(sql);
if (rs.next()) {
    loggedIn = true;
    out.println("Successfully logged in");
} else {
    out.println("Username and/or password not valid");
}
```
Options
- A. SQL injection
- B. Directory traversal
- C. SQL slamming
- D. Query string manipulation
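The same login check written with a parameterized query, which removes the string concatenation that makes the question's code injectable. This is an added example, not part of the original exam question; the class name `LoginCheck` and method name `isValidLogin` are assumptions, while the table and column names come from the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/** Hypothetical helper (names assumed) mirroring the login check in the question. */
public final class LoginCheck {

    // Fixed SQL text: the two '?' placeholders are the only places user input can go.
    private static final String LOGIN_SQL =
        "select 1 from user where username = ? and password = ?";

    private LoginCheck() {}

    /**
     * Returns true when a row matches the supplied credentials.
     * The caller supplies the Connection (pool.getConnection() in the question).
     * Comparing the password column directly follows the question's schema;
     * a real system would store a salted hash and verify it in application code.
     */
    public static boolean isValidLogin(Connection conn, String username, String password)
            throws SQLException {
        if (username == null || password == null) {
            return false; // reject missing fields before touching the database
        }
        try (PreparedStatement stmt = conn.prepareStatement(LOGIN_SQL)) {
            // Values are bound as data, so quotes in them cannot change the query structure.
            stmt.setString(1, username);
            stmt.setString(2, password);
            try (ResultSet rs = stmt.executeQuery()) {
                return rs.next();
            }
        }
    }
}
```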