PT-2026-20484 · Phpgurukul · Phpgurukul Hospital Management System
Published: 2026-02-18 · Updated: 2026-02-23 · CVE-2025-70064
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PHPGurukul Hospital Management System version 4.0
Description
PHPGurukul Hospital Management System version 4.0 contains a privilege escalation issue. A low-privileged user, such as a Patient, can access the Administrator Dashboard and its sub-modules, including User Logs and Doctor Management, by directly navigating to the /admin/ directory after authentication. This allows a self-registered user to gain control of the application, view sensitive logs, and alter system data. The vulnerable component is the access control mechanism that allows unauthorized access to administrative functions.
Recommendations
Restrict access to the /admin/ directory to authorized users only.
Exploit
Fix
LPE
Improper Access Control
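One way to apply the recommendation above is a deny-by-default role check that every script under /admin/ runs before any other logic. This is an added example, not PHPGurukul's code or patch; the file name, the session keys `user_id` and `role`, and the role string `admin` are assumptions about how the login code stores the account.

```php
<?php
declare(strict_types=1);

// admin_guard.php (hypothetical name): require this first in every script under /admin/.
// Assumption: the login code stores the account id and role in $_SESSION['user_id']
// and $_SESSION['role']; these keys and the role string are illustrative.
const ADMIN_ROLE = 'admin';

/** Deny by default: only an authenticated session whose role is exactly ADMIN_ROLE passes. */
function is_admin_session(array $session): bool
{
    if (empty($session['user_id'])) {
        return false; // not logged in
    }
    // Patient, Doctor, or a missing/malformed role value is refused.
    return ($session['role'] ?? null) === ADMIN_ROLE;
}

/** Stop the request before any admin page logic or output runs. */
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (is_admin_session($_SESSION)) {
        return;
    }
    // Record the refused attempt so requests to /admin/ from non-admin
    // sessions are visible in the server's error log.
    $uri = preg_replace('/[^\x20-\x7E]/', '?', (string) ($_SERVER['REQUEST_URI'] ?? ''));
    error_log(sprintf(
        'admin access denied: user_id=%s role=%s uri=%s',
        json_encode($_SESSION['user_id'] ?? null),
        json_encode($_SESSION['role'] ?? null),
        $uri
    ));
    http_response_code(403);
    exit('Forbidden');
}

// Usage at the top of each admin script:
//   require_once __DIR__ . '/admin_guard.php';
//   require_admin();
```

The check has to run in every administrative script, including the sub-modules, because the issue described is direct navigation to those URLs after a normal login.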
Affected Products
Phpgurukul Hospital Management System