Hospital Management System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Hospital Management System version 4. The issue resides in the 'func.php' file, specifically through the 'password2' parameter. This vulnerability allows attackers to execute time-based SQL injection, potentially leading to unauthorized data access or manipulation of the database.

Impact

Exploitation of this vulnerability could result in unauthorized access to database information, allowing attackers to read, modify, or delete data.

Reproduction

To reproduce this vulnerability, send a request to the 'func.php' file with a crafted 'password2' parameter that includes SQL injection payloads. For example, use a payload that exploits time-based SQL injection, such as one that causes a delay in the response, indicating successful injection.