In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.Referenceshttps://github.com/kabirkhyrul/HMS/discussions/15https://github.com/kabirkhyrul/HMS/tree/1.0
