Product
A SQL injection vulnerability (CVE-2026-8785) exists in the getAllPatientDetail function of the update_info.php file in projectworlds hospital-management-system-in-php version 1.0, allowing remote attackers to execute arbitrary SQL commands via the 'appointment_no' GET parameter.