CRITICAL🇵🇱 Wersja polska

CVE-2025-56212

CVSS 9.8v3.1pub. 2025-08-25upd. 2026-04-06

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation and sanitization of user input data passed to the docname parameter in the add-doctor.php file. An attacker can inject malicious SQL code directly into the query executed by the database, allowing manipulation of query logic. The attack can be performed remotely without the need to possess any privileges or user interaction.

Impact

An attacker can gain unauthorized access to sensitive data stored in the database (including patient and medical staff data), modify or delete records, and under favorable conditions lead to complete loss of system availability.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. Additionally, it is recommended to implement parameterized SQL queries (prepared statements) and restrict access to sensitive application files at the web server level.

Who is affected

phpgurukul Hospital Management System version 4.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phpgurukul Hospital Management System

    APP
    Phpgurukul
    4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-56214CRITICAL9.8PL ✓ten sam produkt

SQL Injection w phpgurukul Hospital Management System 4.0 (parametr username)

CVE-2024-51360CRITICAL9.8PL ✓ten sam produkt

RCE w Phpgurukul Hospital Management System v4.0 przez edit-profile.php

CVE-2020-26629CRITICAL9.8PL ✓ten sam produkt

Nieograniczony upload plików w Hospital Management System V4.0

CVE-2023-31498CRITICAL9.8ten sam produkt

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote atta...

CVE-2022-24263CRITICAL9.8ten sam produkt

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Managemen...