Código Vunrable!

<?php 
//This is where the vulnerable is.
$data
= $_GET['user'];

// where it displays the vulnerable.
echo $data
;
?>
<!DOCTYPE html>
<head>
<title>Submit</title>
</head>

<body>
<form method = "get">
User:
<input type="text" name="user" /><br />
<input type="button" value ="submit" />
</form>
</body>
</html>