Vulnerability Overview

Vulnerability Name: C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection
Vulnerability Description: C4G BLIS is an open-source system used to track patients, samples, and laboratory results. The interface of this system contains a SQL injection vulnerability.
Author: Carlos Avila
Published Date: 2019-02-21

Affected Scope

Affected Software: C4G Basic Laboratory Information System (BLIS)
Affected Versions: 3.4
Platform: PHP
Test Environment: Windows 8.1 / Ubuntu Linux

Remediation Recommendation: Application inputs must be validated correctly throughout the development of the project.

POC/Exploit Code

The following sqlmap exploitation process and commands are provided in the screenshot:

Key Output Log Snippet: