If an attacker can control the value of user and item, he can: (Choose two)
A. obtain any data from the web application's database.
B. delete or modify arbitrary data in the web application's database.
C. run arbitrary code on the database server.
D. run arbitrary code on the web server.
