CVE-2025-50369

Name of the Vulnerable Software and Affected Versions: PHPGurukul Medical Card Generation System version 1.0

Description: A Cross-Site Request Forgery (CSRF) issue exists in the Manage Card functionality, specifically at the "/mcgs/admin/manage-card.php" endpoint. This allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request.

Recommendations: For PHPGurukul Medical Card Generation System version 1.0, consider implementing proper request origin verification to prevent unauthorized actions. As a temporary workaround, restrict access to the "/mcgs/admin/manage-card.php" endpoint to minimize the risk of exploitation.