Plj1055

**Name of the Vulnerable Software and Affected Versions** code-projects Patient Record Management System version 1.0 **Description** A critical issue was found in the code-projects Patient Record Management System. This issue affects an unknown part of the file `/edit spatient.php`. The manipulation of the `ID` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Patient Record Management System version 1.0, consider disabling access to the `/edit spatient.php` file until a patch is available. As a temporary workaround, restrict the manipulation of the `ID` argument to minimize the risk of SQL injection. At the moment, there is no information about a newer version that contains a fix for this issue.