Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
https://github.com/kishan0725/Hospital-Management-System
https://gist.github.com/celbahraoui/9972727c6770cd63386ebbe07a9c1454