Hospital Management System is a PHP and MySQL-based hospital management system. v1.0 of Hospital Management System is vulnerable to a file upload vulnerability that results from a lack of validation of uploaded files in treatmentrecord.php. An attacker could exploit this vulnerability to upload malicious files to remotely execute arbitrary code.