HMS is a computer or web-based hospital management system. Useful for managing the operations of a hospital or any medical facility, a SQL injection vulnerability exists in HMS version 1.0, which stems from the presence of multiple parameters when requesting appointment.php using the POST method. An attacker could exploit this vulnerability to cause SQL injection.