This user profile functionality is vulnerable to SQL injection through the user ID parameter.
Try manipulating the user ID parameter with SQL injection payloads.
Example payloads: 1 OR 1=1, 1 UNION SELECT 1,2,3 --
1 OR 1=1
1 UNION SELECT 1,2,3 --