Description

The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iterating the 'viewid' integer.

INFO

Published Date :

2026-02-18T00:00:00.000Z

Last Modified :

2026-02-18T19:36:48.172Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-70063 vulnerability.

Vendors Products
Phpgurukul
  • Hospital Management System
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-70063.

URL Resource
https://gist.github.com/Sanka1pp/f43c7eca5048152899e14412523afe80 cve-icon cve-icon
https://packetstorm.news/files/id/213711 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact