HealthNode Hospital Management System is a hospital management system. The system includes patient information management, ward management, surgery schedule management and financial management, etc. A SQL injection vulnerability exists in HealthNode Hospital Management System due to a lack of input validation in messearch.php. An attacker could use this vulnerability to obtain sensitive database information.