CVE-2025-70062
CSRF Vulnerability in PHPGurukul Hospital System Allows Privilege Escalation
Publication date: 2026-02-18
Last updated on: 2026-02-23
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpgurukul | hospital_management_system | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70062 is a Cross-Site Request Forgery (CSRF) vulnerability found in the PHPGurukul Hospital Management System version 4.0, specifically in the 'Add Doctor' module. The application does not enforce CSRF token validation on the add-doctor.php endpoint. This flaw allows a remote attacker to trick an authenticated administrator into visiting a malicious webpage, which then causes the system to create arbitrary Doctor accounts without the administrator's consent. [1]
How can this vulnerability impact me?
This vulnerability can have serious impacts as it allows attackers to create privileged Doctor accounts without authorization. By exploiting the CSRF flaw, an attacker can perform unauthorized actions on behalf of an authenticated administrator, potentially leading to unauthorized access, manipulation of hospital management data, and compromise of system integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying whether the add-doctor.php endpoint enforces CSRF token validation. One practical approach is to attempt the add-doctor action without a valid CSRF token and observe whether the request is accepted.
Since the vulnerability involves a lack of CSRF protection, you can use tools like curl or Burp Suite to send POST requests to the add-doctor.php endpoint without including a CSRF token and check if the server processes the request.
- Example curl command to test the vulnerability (replace URL and parameters accordingly):
- `curl -X POST https://targetsite.com/add-doctor.php -d "doctor_name=Test&specialization=Test" --cookie "PHPSESSID=your_session_id"`
If the request succeeds without requiring a CSRF token, the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this CSRF vulnerability, immediately implement CSRF token validation on the add-doctor.php endpoint to ensure that all requests to add a doctor include a valid, unique token tied to the user's session.
Additionally, educate administrators to avoid clicking on suspicious links while authenticated, as the vulnerability relies on tricking an authenticated user.
If possible, restrict access to the add-doctor.php functionality to trusted IP addresses or networks until a proper fix is deployed.
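The first mitigation step above, a session-bound CSRF token checked on every state-changing request, looks like this in PHP. This is an added illustration, not PHPGurukul's code or a patch for version 4.0; the function names, the `csrf_token` field name and the form fields are assumptions chosen to match the add-doctor flow described on this page.

```php
<?php
// Added example (not the project's own code): session-bound CSRF protection
// for a form handler such as add-doctor.php. Names are assumptions.

// Defense in depth: a SameSite=Lax, HttpOnly session cookie is not sent on
// cross-site POSTs by modern browsers, but the token check below is the
// control that actually closes the hole. Requires PHP 7.3+.
session_set_cookie_params([
    'samesite' => 'Lax',
    'httponly' => true,
]);
session_start();

// Issue one unpredictable token per session and keep the copy server-side.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session copy in constant time.
// A missing token, a missing session copy, or a mismatch all fail.
function csrf_is_valid(?string $submitted): bool
{
    if (empty($_SESSION['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject the request before any state change if the token is absent or wrong.
    if (!csrf_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    // Existing add-doctor logic (validation, INSERT into the doctors table)
    // would run here, only after the token check has passed.
    echo 'Doctor record accepted.';
    exit;
}

// On GET, render the form with the token embedded as a hidden field.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="add-doctor.php">
    <input type="hidden" name="csrf_token" value="<?= $token ?>">
    <label>Doctor name <input type="text" name="doctor_name"></label>
    <label>Specialization <input type="text" name="specialization"></label>
    <button type="submit">Add doctor</button>
</form>
```

The check runs before any database write, which is what a repeat of the curl request from the detection section would exercise: without the hidden field the handler now answers 403 instead of creating the record. The same two functions can be reused by every other state-changing form in the application, since a token tied to the session rather than to one form is enough to defeat a forged cross-site request.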