I believe in the following: Some "user input" not validated = Software can get hacked.

Unvalidated user input can be used to inject malicious SQL code, allowing an attacker to access sensitive data or execute unauthorized actions.