Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Feb 18, 2026

CVE-2025-70062

Description

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page.

Affected products

PHPGurukul/Hospital Management Systemdescription
Phpgurukul/Hospital Management Systemllm-fuzzy
Range: =4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/Sanka1pp/78795abd84220e879ee0425159af5ae2mitre
packetstorm.news/files/id/213711mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000