PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
https://github.com/itodaro/PHPGurukul_Hospital_Management_System4.0_cve