CVE-2025-70062

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score: 6.5 / 10
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Vulnerability Description

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page.

Vulnerability Details

Published Date:
Last Modified:
CWE ID: CWE-352
Source: NVD
Vendor: phpgurukul
Product: hospital_management_system

External References
