CRITICAL🇵🇱 Wersja polska

CVE-2025-56214

CVSS 9.8v3.1pub. 2025-08-25upd. 2026-04-06

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.

🤖 AI Analysis
How it works

An attacker submits crafted data in the 'username' parameter of the login form in the index.php file, which is included in the SQL query without proper validation or parameterization. This allows injection of arbitrary SQL instructions directly into the query executed by the database. The attack requires no authentication or user interaction.

Impact

An attacker can gain unauthorized access to the database, read, modify or delete sensitive patient and medical staff data, and under favorable conditions take full control of the system or database server.

Mitigation & patch

Apply patches available from the vendor according to references. As interim measures, it is recommended to restrict system access only to trusted networks, implement WAF rules blocking SQL Injection attempts, and replace dynamic SQL queries with parameterized queries (prepared statements).

Who is affected

phpgurukul Hospital Management System version 4.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phpgurukul Hospital Management System

    APP
    Phpgurukul
    4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-56212CRITICAL9.8PL ✓ten sam produkt

SQL Injection w phpgurukul Hospital Management System 4.0 (add-doctor.php)

CVE-2024-51360CRITICAL9.8PL ✓ten sam produkt

RCE w Phpgurukul Hospital Management System v4.0 przez edit-profile.php

CVE-2020-26629CRITICAL9.8PL ✓ten sam produkt

Nieograniczony upload plików w Hospital Management System V4.0

CVE-2023-31498CRITICAL9.8ten sam produkt

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote atta...

CVE-2022-24263CRITICAL9.8ten sam produkt

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Managemen...