Vulnerability Information Summary Affected System: Hospital Management System (HMS) v1.0 Vulnerable URL: http://you ip/HMS/room.php Vulnerable Parameter: (GET parameter) Vulnerability Type: SQL Injection Vulnerability Description The parameter on this page is vulnerable to SQL injection. The vulnerability can be verified using the following command: Vulnerability Details Injection Type: - time-based blind - UNION query Example Payloads: Environment Information DBMS: MySQL (version >= 5.0.12) Web Server: Apache 2.4.39 Backend Programming Language: PHP 7.3.4 Additional This test was automatically performed using the sqlmap tool; specific commands and procedures are shown in the screenshots.