Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Feb 18, 2026
CVE-2025-70062
CVE-2025-70062
Description
PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =4.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.