PT-2026-20481 · Phpgurukul · Phpgurukul Hospital Management System

Published: 2026-02-18 · Updated: 2026-02-23 · CVE-2025-70062

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0

Description: The application does not properly validate CSRF tokens on the add-doctor.php endpoint, specifically within the 'Add Doctor' module. This allows attackers to create new Doctor accounts, potentially with administrative privileges, by deceiving an authenticated administrator into visiting a malicious webpage. The vulnerability is a Cross-Site Request Forgery (CSRF) issue.

Recommendations: Ensure CSRF token validation is implemented and enforced on the add-doctor.php endpoint.
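One way to implement the recommended check, shown as an added example and not taken from PHPGurukul's code: a per-session token is embedded in the form and verified before any state-changing work. The helper function names and the `csrf_token` field name are assumptions.

```php
<?php
// Added example: not code from PHPGurukul Hospital Management System.
// The helper names and the 'csrf_token' field name are hypothetical.
declare(strict_types=1);

session_start();

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded for safe use in HTML.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of the submitted token with the session copy. */
function csrf_token_is_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted)
        && is_string($expected)
        && $expected !== ''
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject before touching the database: a forged cross-site POST carries
    // the administrator's session cookie but not the session-bound token.
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    // The existing add-doctor handling (authorization, validation, insert)
    // continues here only after the token check has passed.
}
?>
<form method="post">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
    <!-- existing doctor fields go here (placeholder) -->
    <button type="submit">Add doctor</button>
</form>
```

Setting the session cookie's SameSite attribute is a complementary control, not a replacement for the token check.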

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-70062

Affected Products

Phpgurukul Hospital Management System