Yeting2

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hospitals Patient Records Management System version 1.0 **Description** A SQL injection flaw exists in the file '/classes/Users.php?f=delete'. The issue occurs when the `ID` argument is manipulated, allowing a remote attacker to execute arbitrary SQL commands. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to view, modify, or delete data from the database. **Recommendations** Update SourceCodester Hospitals Patient Records Management System to a version that fixes this issue. As a temporary workaround, restrict access to the '/classes/Users.php?f=delete' endpoint or avoid using the `ID` parameter until a patch is applied.