CVE-2025-70062

Severity
6.5 MEDIUM
EPSS
0.0%
top 91.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 18

Description

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (1 package)

Vulnerability Details (2)
CVEList
CVE-2025-70062: PHPGurukul Hospital Management System v4 (2026-02-18)
GHSA
GHSA-2hcf-jfqx-g286: PHPGurukul Hospital Management System v4 (2026-02-18)