HMS is a computer or web-based hospital management system. version 1.0 of HMS is vulnerable to SQL injection, which stems from the presence of multiple parameters that can lead to SQL injection when requesting appointment.php using the POST method. An attacker could use this vulnerability to obtain database information.