Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
https://github.com/kishan0725/Hospital-Management-System
https://gist.github.com/celbahraoui/4f6168774ef31510e3bad5cdeccd131e