Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
PHPGurukul Hospital Management System: Unprivileged users can access admin settings
CVE-2025-70064
Summary
A user can access sensitive areas of the system without permission, allowing them to view confidential information and make unintended changes. This is a concern for patient data and system security. Update to the latest version or apply a patch to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| phpgurukul | hospital_management_system | 4.0 | – |
Original title
PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., ...
Original description
PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This allows any self-registered user to takeover the application, view confidential logs, and modify system data.
nvd CVSS3.1
8.8
Vulnerability type
CWE-284
Improper Access Control
- https://gist.github.com/Sanka1pp/c6f20cd6db1fbb1f0e7e199ead66691d Exploit
- https://packetstorm.news/files/id/213711 Exploit Mitigation Third Party Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026