Phpgurukul Hospital Management System vulnerabilities

69 known vulnerabilities affecting phpgurukul/hospital_management_system.

Total CVEs: 69
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 22, MEDIUM 35, LOW 1

Vulnerabilities

CVE-2025-70064 | HIGH | CVSS 8.8 | v4.0 | 2026-02-18
CWE-284: PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This allows any self-registered user to take over the appli
Source: nvd
CVE-2025-70063 | MEDIUM | CVSS 6.5 | v4.0 | 2026-02-18
CWE-639: The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iteratin
Source: nvd
CVE-2025-70062 | MEDIUM | CVSS 6.5 | v4.0 | 2026-02-18
CWE-352: PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into vi
Source: nvd
CVE-2026-2179 | MEDIUM | CVSS 5.1 | v4.0 | 2026-02-08
CWE-74: A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Sources: cvelistv5, nvd
CVE-2026-2134 | MEDIUM | CVSS 5.1 | v4.0 | 2026-02-08
CWE-74: A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.
Sources: cvelistv5, nvd
CVE-2026-1550 | MEDIUM | CVSS 5.3 | v1.0 | 2026-01-28
CWE-266: A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has be
Sources: cvelistv5, nvd
CVE-2025-56212 | CRITICAL | CVSS 9.8 | v4.0 | 2025-08-25
CWE-89: PHPGurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.
Source: nvd
CVE-2025-56214 | CRITICAL | CVSS 9.8 | v4.0 | 2025-08-25
CWE-89: PHPGurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.
Source: nvd
CVE-2025-56216 | HIGH | CVSS 8.5 | v4.0 | 2025-08-25
CWE-89: PHPGurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
Source: nvd
CVE-2025-56215 | MEDIUM | CVSS 6.5 | v4.0 | 2025-08-25
CWE-89: PHPGurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter.
Source: nvd
CVE-2025-8955 | MEDIUM | CVSS 6.9 | v4.0 | 2025-08-14
CWE-74: A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Sources: cvelistv5, nvd
CVE-2025-8954 | MEDIUM | CVSS 6.9 | v4.0 | 2025-08-14
CWE-74: A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Sources: cvelistv5, nvd
CVE-2025-7604 | MEDIUM | CVSS 6.9 | v4.0 | 2025-07-14
CWE-74: A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be u
Sources: cvelistv5, nvd
CVE-2025-7176 | MEDIUM | CVSS 6.9 | v1.0 | 2025-07-08
CWE-74: A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be
Sources: cvelistv5, nvd
CVE-2025-6613 | MEDIUM | CVSS 5.1 | v4.0 | 2025-06-25
CWE-79: A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and ma
Sources: cvelistv5, nvd
CVE-2025-6570 | MEDIUM | CVSS 5.3 | v4.0 | 2025-06-24
CWE-74: A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may
Sources: cvelistv5, nvd
CVE-2025-5584 | MEDIUM | CVSS 4.8 | v4.0 | 2025-06-04
CWE-79: A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to cross-site scripting. It is possible to launch the attack remotely. The ex
Sources: cvelistv5, nvd
CVE-2024-51360 | CRITICAL | CVSS 9.8 | v4.0 | 2025-05-23
CWE-94: An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file.
Source: nvd
CVE-2024-56997 | MEDIUM | CVSS 4.2 | v4.0 | 2025-01-21
CWE-79: PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.
Source: nvd
CVE-2024-56990 | MEDIUM | CVSS 4.5 | v4.0 | 2025-01-21
CWE-79: PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php.
Source: nvd