A SQL injection vulnerability has been discovered in code-projects Online Hospital Management System affecting version 1.php. The flaw exists in the login_user function within the login_1.php file, where manipulation of the Username parameter leads to SQL injection. The vulnerability can be exploited remotely and a working exploit has been publicly released. This affects healthcare management systems and poses a significant security risk due to the sensitive nature of medical data.