CVE-2025-70062

{"id": "CVE-2025-70062", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-02-18T19:21:42.270", "references": [{"url": "https://gist.github.com/Sanka1pp/78795abd84220e879ee0425159af5ae2", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://packetstorm.news/files/id/213711", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page."}, {"lang": "es", "value": "PHPGurukul Hospital Management System v4.0 contiene una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el m\u00f3dulo 'Add Doctor'. La aplicaci\u00f3n no aplica la validaci\u00f3n de tokens CSRF en el endpoint add-doctor.php. Esto permite a atacantes remotos crear cuentas de Doctor arbitrarias (usuarios privilegiados) enga\u00f1ando a un administrador autenticado para que visite una p\u00e1gina maliciosa."}], "lastModified": "2026-02-23T21:03:09.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}