CVE-2005-4137
CVE-2005-4137 describes an SQL injection in DRZES HMS 3.2: viewinvoice.php allows remote attackers to manipulate the backend via the invoiceID parameter, enabling arbitrary SQL execution. This is part of broader SQL injection findings in DRZES HMS 3.2 (noting that the 4137 vector is explicitly th...