https://www.sourcecodester.com/php-clinics-patient-management-system-source-code
/pms/ajax/get_patient_history.php
An unrestricted SQL injection vulnerability exists in the inventory management system. The controllable parameter is patient_id. The function places the patient_id parameter into an SQL statement without any restrictions. Malicious attackers can use this vulnerability to obtain sensitive information from the server database.
The patient_id parameter in get_patient_history.php is user-controllable and is carried directly into the SQL statement for execution, resulting in SQL injection.
Injection via the patient_id parameter.
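The pattern described above next to a hardened form, as an added example that is not the application's own code. The table patient_visits, its columns, both function names and the in-memory SQLite database are assumptions made so the example runs offline; the real handler's query and schema are not shown on this page.

```php
<?php
// Added example: constructed schema and data, not the application's own code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE patient_visits (id INTEGER PRIMARY KEY, patient_id INTEGER, note TEXT)');
$pdo->exec("INSERT INTO patient_visits (patient_id, note) VALUES (1, 'visit A'), (2, 'visit B'), (3, 'visit C')");

// Pattern the advisory describes (hypothetical function): the request value is
// pasted into the SQL text, so the database parses it as part of the statement.
function history_concatenated(PDO $pdo, string $patientId): array
{
    $sql = "SELECT note FROM patient_visits WHERE patient_id = $patientId";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form (hypothetical function): reject anything that is not a positive
// integer, then bind it as an integer parameter so the value can never change
// the structure of the statement.
function history_prepared(PDO $pdo, string $patientId): array
{
    $id = filter_var($patientId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('patient_id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT note FROM patient_visits WHERE patient_id = :pid');
    $stmt->bindValue(':pid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a well-formed id and a value that carries SQL syntax.
foreach (['2', '2 OR 1=1'] as $input) {
    $label = "'$input'";
    printf("input %-10s concatenated rows: %d\n", $label, count(history_concatenated($pdo, $input)));
    try {
        printf("input %-10s prepared rows:     %d\n", $label, count(history_prepared($pdo, $input)));
    } catch (InvalidArgumentException $e) {
        printf("input %-10s prepared:          rejected (%s)\n", $label, $e->getMessage());
    }
}
```

The same validation and parameter binding apply to a MySQL connection through PDO or mysqli; only the connection string in the example differs.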