Security Review

Review this code for security issues. Check for: 1. SQL injection 2. XSS vulnerabilities 3. CSRF exposure 4. Authentication/authorization bypasses 5. Sensitive data exposure (logging secrets, error messages leaking internals) 6. Input validation gaps Rate each finding as Critical/High/Medium/Low. Show the fix for Critical and High. [paste code]