SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote malicious users to execute arbitrary SQL commands via the invoiceID parameter.
fad solutions drzes hms 3.2