CVE-2025-50370

Name of the Vulnerable Software and Affected Versions: Phpgurukul Medical Card Generation System version 1.0

Description: A Cross-Site Request Forgery (CSRF) issue exists in the Inquiry Management functionality, specifically at the "/mcgs/admin/readenq.php" endpoint. This allows an authenticated admin to delete inquiry records via a simple GET request without requiring a CSRF token or validating the request's origin.

Recommendations: For Phpgurukul Medical Card Generation System version 1.0, consider implementing CSRF token validation for the "/mcgs/admin/readenq.php" endpoint to prevent unauthorized actions. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.