The website is a non-profit children care site... but it's admin login is extremely vulnerable to simple sql injections. Once someone hacks the admin login, they can access a database of all there clients information. How should I tell the site owners about the danger. I don't want to get arrest, but I also don't want anyone to steal their clients information. Should I alert the site owner?
Sorry if I posted this in the wrong thread.