Sourcecodester · Patients Waiting Area Queue Management System · CVE-2025-13122
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Patients Waiting Area Queue Management System version 1.0
**Description**
A flaw exists in the software that allows for remote SQL injection. The issue is located in the `getPatientAppointment` function within the `/php/api patient checkin.php` file. Manipulation of the `appointmentID` argument can trigger the injection. The exploit for this issue is publicly available.
**Recommendations**
Apply a fix to the `getPatientAppointment` function in the `/php/api patient checkin.php` file to prevent manipulation of the `appointmentID` argument.
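One way such a fix can look, as an added example that is not the application's own code: `appointmentID` is validated as a positive integer and then bound as a typed parameter instead of being concatenated into the query. The function signature, the `appointments` table, its columns and the in-memory SQLite database are assumptions made for illustration (PHP 8 with `pdo_sqlite`).

```php
<?php
// Added example, not the application's code. Table and column names are
// hypothetical; an in-memory SQLite database stands in for the real one.
declare(strict_types=1);

function getPatientAppointment(PDO $db, mixed $appointmentID): ?array
{
    // Allow-list check: the ID must be a positive decimal integer.
    $id = filter_var($appointmentID, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected before the database is involved
    }
    // The value is bound as a typed parameter, never concatenated into SQL.
    $stmt = $db->prepare(
        'SELECT id, patient_name, status FROM appointments WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE appointments (
    id INTEGER PRIMARY KEY, patient_name TEXT, status TEXT)');
$db->exec("INSERT INTO appointments VALUES
    (1, 'Sample Patient A', 'waiting'),
    (2, 'Sample Patient B', 'checked-in')");

// Constructed inputs: well-formed IDs, malformed values, and an unknown ID.
foreach (['1', 2, '1 OR 1=1', "2'", '', '-5', '999'] as $input) {
    $row = getPatientAppointment($db, $input);
    printf("%-12s => %s\n", var_export($input, true),
           $row === null ? 'rejected / not found' : json_encode($row));
}
```

Only the inputs `'1'` and `2` return a row; every value that is not a positive integer is rejected by the validation step, and `'999'` passes validation but matches nothing.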