HMS is a computer or web-based hospital management system in Bangladesh. Useful for managing the operations of a hospital or any medical facility, a SQL injection vulnerability exists in HMS v1.0, which stems from the fact that the product admin.php page does not do effective filtering of special characters in user input data. An attacker could use this vulnerability to execute malicious SQL statements.