Cross-Site Request Forgery Vulnerability in PHPGurukul Medical Card Generation System
CVE-2025-50369

6.5MEDIUM

Key Information:

Vendor: PHPGurukul
Status: Medical Card Generation System
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-50369?

The Manage Card functionality in PHPGurukul's Medical Card Generation System version 1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability. This issue permits an unauthorized user to delete medical card records simply by sending a GET request, without any verification of the request's origin. The flaw poses significant risks as it allows potentially malicious actors to compromise sensitive medical data without proper authentication.

References

https://github.com/1h3ll/CVEs/blob/main/CSRF-MANAGECARD_M...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Jun 16, 2025