Clinic’s Patient Management System is a patient management system for clinics. a SQL injection vulnerability exists in Clinic’s Patient Management System v1.0, which originates in /pms/ The id parameter in update_patient.php lacks validation for external input SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.