Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
https://github.com/kishan0725/Hospital-Management-System
https://gist.github.com/celbahraoui/cbfa4a06cb3cce7222718f8c25519c98