Kevin has been asked to write a short program to gather user input for a web application. He likes to keep his code neat and simple. His chooses to use printf(str) where he should have ideally used printf(“%s”, str). What attack will his program expose the web application to?