Possible OWASP / SQL Injection puzzle solution?

I’m doing a security puzzle and I’m stuck on a problem where they give me a URL (when searching for the website it automatically adds some query params to the website, like mywebsite.com/ab/index.php/?id=322332&uuid=2214124, etc…), and in the console, as a tip, they print a table name, company_users. The login does nothing, because I’ve checked the PHP form and they have this:

username: user.value,
password: password.value
}, function (data, status) {
return false;

And the console log is there because, when opening the website, it does this:

$.get("../cd/api.php?action=hint", function (data, status) {

It is using jquery/3.5.1/jquery.min.js

Note that the website is
and the api.php is in
does it help?
Any hint you can tell me? Or something I can try?