{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T05:24:11.784","vulnerabilities":[{"cve":{"id":"CVE-2025-70062","sourceIdentifier":"cve@mitre.org","published":"2026-02-18T19:21:42.270","lastModified":"2026-02-23T21:03:09.027","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page."},{"lang":"es","value":"PHPGurukul Hospital Management System v4.0 contiene una vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el módulo 'Add Doctor'. La aplicación no aplica la validación de tokens CSRF en el endpoint add-doctor.php. Esto permite a atacantes remotos crear cuentas de Doctor arbitrarias (usuarios privilegiados) engañando a un administrador autenticado para que visite una página maliciosa."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*","matchCriteriaId":"DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"}]}]}],"references":[{"url":"https://gist.github.com/Sanka1pp/78795abd84220e879ee0425159af5ae2","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://packetstorm.news/files/id/213711","source":"cve@mitre.org","tags":["Exploit","Mitigation","Third Party Advisory"]}]}}]}