CRITICAL🇵🇱 Wersja polska

CVE-2024-51360

CVSS 9.8v3.1pub. 2025-05-23upd. 2025-05-29

An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file

🤖 AI Analysis
How it works

The vulnerability is located in the hms/doctor/edit-profile.php file and belongs to the CWE-94 (Code Injection) class. An attacker can send crafted data to the vulnerable endpoint without requiring authentication, allowing injection and execution of malicious code on the server side. The lack of requirements for privileges and user interaction (PR:N, UI:N) significantly lowers the threshold for an attacker.

Impact

An attacker can gain full control over the server — including access to sensitive patient and medical staff data, modification or deletion of data, and potential takeover of the entire application infrastructure (full impact on confidentiality, integrity, and availability).

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Until the patch is implemented, it is recommended to restrict access to the hms/doctor/edit-profile.php file at the firewall or web server level and monitor suspicious traffic directed to this endpoint.

Who is affected

Phpgurukul Hospital Management System In PHP version 4.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phpgurukul Hospital Management System

    APP
    Phpgurukul
    4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-56212CRITICAL9.8PL ✓ten sam produkt

SQL Injection w phpgurukul Hospital Management System 4.0 (add-doctor.php)

CVE-2025-56214CRITICAL9.8PL ✓ten sam produkt

SQL Injection w phpgurukul Hospital Management System 4.0 (parametr username)

CVE-2020-26629CRITICAL9.8PL ✓ten sam produkt

Nieograniczony upload plików w Hospital Management System V4.0

CVE-2023-31498CRITICAL9.8ten sam produkt

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote atta...

CVE-2022-24263CRITICAL9.8ten sam produkt

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Managemen...