https://www.sourcecodester.com/php-clinics-patient-management-system-source-code
/pms/print_patients_visits.php
An unrestricted SQL injection vulnerability exists in the inventory management system. The controllable parameter is "to": the function places the "to" parameter into an SQL statement without any restrictions. Malicious attackers can use this vulnerability to obtain sensitive information from the server database.
The "to" parameter in print_patients_visits.php is user-controllable and is carried directly into the SQL statement that is executed, resulting in SQL injection.
Injection via the to parameter
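The pattern described above next to a hardened form, as an added example that is not the application's own code. It assumes "to" (with a matching "from") is a visit date; the table, columns, function names and PDO/SQLite setup are hypothetical and the rows are constructed.

```php
<?php
// Added example: hypothetical schema and function names, not the application's real code.
// Constructed in-memory data so the script runs offline (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE patient_visits (id INTEGER PRIMARY KEY, patient TEXT, visit_date TEXT)');
$pdo->exec("INSERT INTO patient_visits (patient, visit_date) VALUES
    ('Patient A', '2023-01-10'), ('Patient B', '2023-02-20'), ('Patient C', '2023-03-05')");

// Vulnerable pattern the advisory describes: the request value is concatenated
// into the statement, so it becomes part of the SQL text itself.
function visitsUnsafe(PDO $pdo, string $from, string $to): array
{
    $sql = "SELECT patient, visit_date FROM patient_visits
            WHERE visit_date BETWEEN '$from' AND '$to'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Strict allow-list check: exactly YYYY-MM-DD and a real calendar date.
function parseDate(string $value): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $value);
    return ($d !== false && $d->format('Y-m-d') === $value) ? $value : null;
}

// Hardened form: validate first, then bind the values as parameters so they
// are always handled as data, never as SQL.
function visitsSafe(PDO $pdo, string $from, string $to): array
{
    $from = parseDate($from);
    $to = parseDate($to);
    if ($from === null || $to === null) {
        throw new InvalidArgumentException('from/to must be YYYY-MM-DD dates');
    }
    $stmt = $pdo->prepare('SELECT patient, visit_date FROM patient_visits
                           WHERE visit_date BETWEEN :start AND :end');
    $stmt->execute([':start' => $from, ':end' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

echo count(visitsSafe($pdo, '2023-01-01', '2023-02-28')), " rows\n"; // well-formed range
try {
    visitsSafe($pdo, '2023-01-01', "2023-02-28'"); // malformed value never reaches the query
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

If the application uses mysqli rather than PDO, the same fix applies with a prepared statement and bound parameters.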