Zengxingqin

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hospitals Patient Records Management System version 1.0 **Description** An SQL injection flaw exists in the file '/classes/Users.php?f=save'. The issue occurs when the `ID` argument is manipulated, allowing for remote exploitation. **Recommendations** Update SourceCodester Hospitals Patient Records Management System version 1.0 to a version that addresses this issue. As a temporary workaround, restrict access to the '/classes/Users.php?f=save' endpoint to minimize the risk of exploitation.