Unknown · Hospital Management System In Php · CVE-2026-8785
**Name of the Vulnerable Software and Affected Versions**
hospital-management-system-in-php version 1.0
**Description**
A remote SQL injection flaw exists in the GET Parameter Handler component. The issue occurs within the `getAllPatientDetail()` function located in the `update info.php` file, where manipulation of the `appointment no` parameter allows for the execution of arbitrary SQL commands.
**Recommendations**
As a temporary workaround, restrict access to the `update info.php` file or avoid using the `appointment no` parameter until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
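While access to the page is being restricted, web server access logs can be reviewed for requests that reached it with a non-numeric parameter value. The script below is an added example, not code from the project or from this advisory. It assumes appointment numbers are plain integers, and it accepts a space, underscore or hyphen in the file and parameter names because the advisory's rendering of them does not settle the separator. The `/hms/` path and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Names as the advisory prints them. The real separator (space, underscore,
# hyphen) is not confirmed by the page, so _norm() treats all three alike.
TARGET_FILE = "update info.php"
TARGET_PARAM = "appointment no"

REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
NUMERIC = re.compile(r"[0-9]{1,10}")  # assumption: appointment numbers are integers

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /hms/update_info.php?appointment_no=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /hms/update_info.php?appointment_no=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9000',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /hms/update%20info.php?appointment+no=1%20UNION%20SELECT%20null HTTP/1.1" 200 100',
    '198.51.100.2 - - [01/Jan/2026:10:01:00 +0000] "GET /hms/index.php?appointment_no=abc HTTP/1.1" 200 100',
]

def _norm(name):
    """Lower-case and fold space/underscore/hyphen so spellings compare equal."""
    return re.sub(r"[ _-]+", " ", name.strip().lower())

def suspicious_value(line):
    """Return the decoded parameter value when the request targets the affected
    page with a non-numeric appointment number, otherwise None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    filename = unquote(url.path).rsplit("/", 1)[-1]
    if _norm(filename) != _norm(TARGET_FILE):
        return None
    # parse_qsl percent-decodes keys and values and turns '+' into a space.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if _norm(key) == _norm(TARGET_PARAM) and not NUMERIC.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_value(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric appointment number {value!r}")
```

A hit means only that a non-numeric value was sent to the page; whether a query actually ran with it has to be confirmed from database or application logs.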