Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
https://github.com/kishan0725/Hospital-Management-System
https://gist.github.com/celbahraoui/8b9bd172bc637ab791005db0b239ae89