Assume you are conducting a security audit on a web application that uses user input to construct SQL queries. The application has a login form that takes a username and password for authentication. The backend SQL query is constructed as follows:

SELECT $*$ FROM users WHERE username $=\text{'}[$user$\_$input$]\text{'}$ AND password $=\text{'}[$hashed$\_$password$]\text{'}$;

The application uses proper hashing for passwords but is vulnerable to SQL injection in the username parameter.

True

False