SQLi Vulnerability in ATuter management system

The vulnerability resides in:
mods/_standard/assignments/add_assignment.php at line 247 and the variable $assign_to.

The vendor failed to request a CVE number. So I decided to request one here.