CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-70062

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.9%

CVSS Severity

CVSS v3 Score 6.5

References

https://gist.github.com/Sanka1pp/78795abd84220e879ee0425159af5ae2
https://packetstorm.news/files/id/213711

Products affected by CVE-2025-70062

Phpgurukul » Hospital Management System » Version: 4.0

cpe:2.3:a:phpgurukul:hospital_management_system:4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-70062

Products

Pricing

Contact Us