Privilege Escalation Vulnerability in PHPGurukul Hospital Management System

CVE-2025-70064

What is CVE-2025-70064?

The Hospital Management System v4.0 by PHPGurukul is susceptible to a privilege escalation flaw that enables low-privileged users, such as patients, to gain unauthorized access to the Administrator Dashboard. By navigating directly to the /admin/ directory post-authentication, these users can access critical sub-modules including User Logs and Doctor Management, compromising sensitive data and system integrity. This vulnerability allows self-registered users to manipulate system information and breach confidentiality protocols.

References