PT-2021-11841 · Unknown · Phpgurukul Hospital Management System

Published: 2021-01-06 · Updated: 2024-02-01 · CVE-2020-35745

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Hospital Management System version 4.0
Description: Because access to admin/dashboard.php is improperly restricted, attackers can access all data of users, doctors, and patients, change the admin password, get appointment history, and access all session logs.
Recommendations: For PHPGURUKUL Hospital Management System version 4.0, restrict access to the admin/dashboard.php endpoint to prevent unauthorized access. As a temporary workaround, consider disabling access to admin/dashboard.php until a patch is available.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2020-35745

Affected Products: Phpgurukul Hospital Management System