SQL injection in patient search could expose Protected Health Information (PHI) for all patients - Command injection in report generation could compromise the entire server - LDAP injection against Active Directory could expose all staff credentials