CVE-2026-2134

Name of the Vulnerable Software and Affected Versions PHPGurukul Hospital Management System version 4.0

Description A security issue exists in PHPGurukul Hospital Management System 4.0. Manipulation of the ID argument in an unknown function within the /hms/admin/manage-doctors.php file can lead to SQL injection. This can be exploited remotely. The exploit has been publicly disclosed.

Recommendations Apply updates to address the issue in the affected file /hms/admin/manage-doctors.php. As a temporary workaround, consider restricting access to the /hms/admin/manage-doctors.php file to minimize the risk of exploitation.