Wuyan-Set

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hospitals Patient Records Management System version 1.0 **Description** A remote SQL injection flaw exists in the file '/classes/Master.php?f=save patient history'. The issue occurs due to improper manipulation of the `ID` argument, allowing an attacker to execute arbitrary SQL commands. **Recommendations** As a temporary workaround, restrict access to the '/classes/Master.php?f=save patient history' endpoint or avoid using the `ID` parameter until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hospitals Patient Records Management System version 1.0 **Description** A remote SQL injection exists in the file '/admin/patients/manage history.php'. The issue occurs due to improper manipulation of the `ID` argument, allowing an attacker to execute arbitrary SQL commands. **Recommendations** As a temporary workaround, restrict access to the '/admin/patients/manage history.php' file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.