CVE-2020-35745

Published: Jan 7, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.phpgurukul.com/hospital-management-system-in-php/

x_refsource_MISC

https://medium.com/%40ashketchum/privilege-escalation-unauthenticated-access-to-admin-portal-cve-2020-35745-bb5d5dca97a0

x_refsource_MISC

https://www.youtube.com/watch?v=vnSsg6iwV9Y&feature=youtu.be&ab_channel=ashketchum

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-35745

Description

Affected Products

References