CVE-2025-70062

Published: Feb 18, 2026

Modified: Feb 18, 2026

PUBLISHED

Description

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/Sanka1pp/78795abd84220e879ee0425159af5ae2

https://packetstorm.news/files/id/213711

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-70062

Description

Affected Products

References