Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
https://github.com/kishan0725/Hospital-Management-System
https://gist.github.com/celbahraoui/ec09b05d4b36fce476458b0ee8140416