Code Projects · Online Hospital Management System · CVE-2026-10186
**Name of the Vulnerable Software and Affected Versions**
code-projects Online Hospital Management System version 1.0
**Description**
A SQL injection flaw exists in the '/patient.php' endpoint. This issue occurs when the `editid` argument is manipulated, allowing a remote attacker to execute unauthorized SQL commands.
**Recommendations**
Update code-projects Online Hospital Management System to a version that resolves this issue. As a temporary workaround, restrict access to the '/patient.php' endpoint or avoid using the `editid` parameter until a fix is applied.
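One way to handle the `editid` value safely, shown as an added example that is not the project's own code: the identifier is validated as a plain positive integer and then passed to the query as a bound parameter. The function names, the `patient` table and its columns, and the in-memory SQLite database are assumptions made for illustration (PHP 8 with `pdo_sqlite`).

```php
<?php
// Added example: table/column names and the SQLite demo database are constructed.
declare(strict_types=1);

/** Return editid as a positive int, or null if it is not a plain decimal id. */
function parse_edit_id(mixed $raw): ?int
{
    // Arrays (editid[]=1) and anything other than 1-9 digits are rejected outright.
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

/** Look up one patient row using a bound parameter, never string concatenation. */
function find_patient(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT patientid, patientname FROM patient WHERE patientid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patient (patientid INTEGER PRIMARY KEY, patientname TEXT)');
$db->exec("INSERT INTO patient VALUES (1, 'Sample A'), (2, 'Sample B')");

// Constructed request values: one well-formed id, three malformed ones.
$samples = ['2', '2 OR 1=1', "1'", ['1']];
foreach ($samples as $raw) {
    $id = parse_edit_id($raw);
    if ($id === null) {
        // In a real page this would be an HTTP 400 response and a logged event.
        echo 'rejected: ', json_encode($raw), PHP_EOL;
        continue;
    }
    echo 'row: ', json_encode(find_patient($db, $id)), PHP_EOL;
}
```

Only the first sample reaches the database; the other three are rejected before any SQL is built, and rejected values are worth logging as an indicator of probing against the endpoint.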