PT-2026-20483 · Phpgurukul · Phpgurukul Hospital Management System

Published: 2026-02-18 · Updated: 2026-02-18 · CVE-2025-70063

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0

Description: The 'Medical History' module is susceptible to an Insecure Direct Object Reference (IDOR) issue. The application does not verify that the requested viewid parameter corresponds to the currently logged-in patient, so an authenticated user can view the medical records of other patients simply by changing the viewid integer. The API endpoint involved is not explicitly mentioned.

Recommendations: Ensure proper access control checks are implemented, so that the viewid parameter is verified to belong to the currently authenticated patient before access to the medical record is granted.
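As an added example that is not part of this advisory or of the PHPGurukul code base, one way to apply the recommendation in PHP: the ownership check becomes part of the database predicate, viewid is validated before use, and a denied lookup is logged for detection. The PDO handle $pdo, the table tblmedicalhistory with columns ID and PatientID, and the session key pid are assumptions.

```php
<?php
// Added example, not PHPGurukul's code. Assumed names (placeholders): PDO handle $pdo,
// table `tblmedicalhistory` with integer columns `ID` and `PatientID`,
// and the authenticated patient's id stored in $_SESSION['pid'].
declare(strict_types=1);
session_start();

/**
 * Returns the requested medical history record only if it belongs to $patientId.
 * Returns null both when the record does not exist and when it belongs to another
 * patient, so the response does not reveal which ids are valid.
 */
function fetchOwnMedicalRecord(PDO $pdo, int $viewid, int $patientId): ?array
{
    // Vulnerable pattern from the advisory: the lookup keys on viewid alone,
    // so any logged-in patient can read any record by changing the integer:
    //   SELECT * FROM tblmedicalhistory WHERE ID = :id
    //
    // Hardened lookup: ownership is part of the predicate and enforced server-side.
    $stmt = $pdo->prepare(
        'SELECT * FROM tblmedicalhistory WHERE ID = :id AND PatientID = :pid'
    );
    $stmt->execute([':id' => $viewid, ':pid' => $patientId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 1. Require an authenticated patient session; never take the patient id from the request.
if (empty($_SESSION['pid'])) {
    http_response_code(401);
    exit('Login required');
}
$patientId = (int) $_SESSION['pid'];

// 2. Validate viewid strictly as a positive integer before it reaches the query.
$viewid = filter_input(INPUT_GET, 'viewid', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($viewid === false || $viewid === null) {
    http_response_code(400);
    exit('Invalid viewid');
}

// 3. Fetch with the ownership check; treat "not yours" exactly like "not found".
$record = fetchOwnMedicalRecord($pdo, $viewid, $patientId);
if ($record === null) {
    // Detection hook: a burst of denied lookups across sequential viewid values
    // from one account is the signature of record enumeration.
    error_log(sprintf('medical-history denied: pid=%d viewid=%d', $patientId, $viewid));
    http_response_code(404);
    exit('Record not found');
}

// Render $record for the patient from here on.
```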

IDOR

Weakness Enumeration

Related Identifiers: CVE-2025-70063

Affected Products: Phpgurukul Hospital Management System