CVE-2025-70063

{"id": "CVE-2025-70063", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-02-18T19:21:42.383", "references": [{"url": "https://gist.github.com/Sanka1pp/f43c7eca5048152899e14412523afe80", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://packetstorm.news/files/id/213711", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iterating the 'viewid' integer."}, {"lang": "es", "value": "El m\u00f3dulo 'Medical History' en PHPGurukul Hospital Management System v4.0 contiene una vulnerabilidad de Referencia Directa Insegura a Objeto (IDOR). La aplicaci\u00f3n no verifica que el par\u00e1metro 'viewid' solicitado pertenezca al paciente actualmente autenticado. Esto permite a un usuario acceder a los registros m\u00e9dicos confidenciales de otros pacientes al iterar el entero 'viewid'."}], "lastModified": "2026-02-26T22:33:37.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}