Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Feb 18, 2026
CVE-2025-70063
CVE-2025-70063
Description
The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iterating the 'viewid' integer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 4.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.