Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
PHPGurukul Hospital Management System allows attackers to create fake doctor accounts
CVE-2025-70062
Summary
A security flaw in the 'Add Doctor' module of PHPGurukul Hospital Management System allows hackers to trick authorized users into creating fake doctor accounts. This could lead to unauthorized access to sensitive information or disruption of hospital operations. Upgrade to a fixed version or implement a CSRF token validation to protect against this threat.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| phpgurukul | hospital_management_system | 4.0 | – |
Original title
PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-d...
Original description
PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page.
nvd CVSS3.1
6.5
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
- https://gist.github.com/Sanka1pp/78795abd84220e879ee0425159af5ae2 Exploit
- https://packetstorm.news/files/id/213711 Exploit Mitigation Third Party Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026