Key Information

Title: SourceCodester User-Management-PHP-MYSQL web v1 SQL Injection

Description:

- The vulnerability exists in the open-source project (PQMS) file .
- In line 183 of the file , the attribute is vulnerable to SQL injection.
- By exploiting an XPath syntax error-based disclosure mechanism in the query string, the MySQL function can be triggered to generate an XPath syntax error, returning information such as the database version.
- Example POC:

Source: http://x.x.x.x:8888/pqms/php/api_patient_checkin.php?appointmentID=WALK202507056%27%20AND%20EXTRACTVALUE(1,CONCAT(0x7e,(SELECT%20@@version),0x7e))--%20,0x7e))--%20)
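For detection, the request pattern described above can be matched in web server access logs. The following is an added example, not code from the advisory or from the PQMS project: it decodes each query parameter and flags values that call a MySQL XPath function (EXTRACTVALUE from the PoC, plus UPDATEXML, which fails with the same kind of XPath error) together with other SQL syntax. The log lines are constructed, the client address and `search.php` are assumptions, and only the request target on the second line comes from the PoC above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# MySQL XML functions whose XPath syntax errors echo query results back.
XPATH_ERROR_FUNCS = re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I)
# Second condition to cut false positives: other SQL syntax in the same value.
SQL_CONTEXT = re.compile(r"\bselect\b|\bconcat\s*\(|@@\w+|--\s|'\s*(?:and|or)\b", re.I)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE) (\S+) HTTP/[\d.]+"')

def scan_request_target(target):
    """Return [(param, function)] for parameters carrying the XPath-error pattern."""
    findings = []
    # parse_qsl percent-decodes each value, so %27 and %20 are seen as ' and space.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        func = XPATH_ERROR_FUNCS.search(value)
        if func and SQL_CONTEXT.search(value):
            findings.append((name, func.group(1).upper()))
    return findings

def scan_log(lines):
    """Return [(line_number, param, function)] for suspicious log entries."""
    hits = []
    for number, line in enumerate(lines, 1):
        request = REQUEST.search(line)
        if request is None:
            continue  # not a request line this parser understands
        for name, func in scan_request_target(request.group(1)):
            hits.append((number, name, func))
    return hits

# Constructed sample log (192.0.2.10 is a documentation address).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2025:10:00:01 +0000] "GET /pqms/php/api_patient_checkin.php'
    '?appointmentID=WALK202507056 HTTP/1.1" 200 512',
    '192.0.2.10 - - [05/Jul/2025:10:00:07 +0000] "GET /pqms/php/api_patient_checkin.php'
    '?appointmentID=WALK202507056%27%20AND%20EXTRACTVALUE(1,CONCAT(0x7e,'
    '(SELECT%20@@version),0x7e))--%20,0x7e))--%20) HTTP/1.1" 200 734',
    # Benign mention of the function name without a call: must not be flagged.
    '192.0.2.10 - - [05/Jul/2025:10:00:09 +0000] "GET /pqms/php/search.php'
    '?q=extractvalue+function+docs HTTP/1.1" 200 301',
]

if __name__ == "__main__":
    for number, param, func in scan_log(SAMPLE_LOG):
        print(f"line {number}: parameter {param!r} contains {func}() with SQL syntax")
```

A hit identifies the parameter to review in the application code; the fix there is a parameterized query for that value, since log matching only detects attempts and does not prevent them.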