Frank Zeng

**Name of the Vulnerable Software and Affected Versions** Hospital Management System version 1.0 **Description** The issue allows attackers to gain administrator privileges without the need for a password through SQL Injection. **Recommendations** For Hospital Management System version 1.0, consider restricting access to sensitive database queries to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and modify the SQL queries to prevent injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.