[webapps] Inventory Webapp – ‘itemquery’ SQL injection