Description
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
Published: 2025-08-25
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized database access with potential data breach or modification
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in PHPgurukul Hospital Management System 4.0 allows an attacker to inject arbitrary SQL when the pagetitle parameter is passed to about‑us.php. The flaw can be used to read sensitive patient records, alter data, or delete database entries, thereby compromising confidentiality, integrity, and possibly availability of the hospital’s information system.

Affected Systems

PHPGurukul Hospital Management System version 4.0 is affected. No other versions or products are listed as impacted.

Risk and Exploitability

The vulnerability scores 8.5 on the CVSS scale, indicating high severity. Its EPSS score is below 1%, suggesting that, at present, exploitation is unlikely, and it is not listed in the CISA KEV catalog. Nonetheless, an attacker could exploit the vulnerability via a web request to about‑us.php, possibly by manipulating the pagetitle query string or POST data, to execute arbitrary SQL commands against the backend database.

Generated by OpenCVE AI on April 22, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch or upgrade PHPgurukul Hospital Management System to the latest version that resolves the SQL injection flaw.
  • Sanitize or validate the pagetitle parameter on the server side before it is used in any database query, ensuring only legitimate input is accepted.
  • Review Web Application Firewall or input filtering rules to block suspicious SQL patterns and monitor access logs for anomalous activity related to about‑us.php.

Generated by OpenCVE AI on April 22, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-25697 phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
History

Wed, 22 Apr 2026 22:45:00 +0000

Type Values Removed Values Added
Title Hospital Management System SQL Injection via pagetitle Parameter

Mon, 06 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
References

Tue, 02 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*

Mon, 25 Aug 2025 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Phpgurukul
Phpgurukul hospital Management System
Vendors & Products Phpgurukul
Phpgurukul hospital Management System

Mon, 25 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 25 Aug 2025 15:00:00 +0000

Type Values Removed Values Added
Description phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
References

Subscriptions

Phpgurukul Hospital Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T13:30:26.017Z

Reserved: 2025-08-16T00:00:00.000Z

Link: CVE-2025-56216

cve-icon Vulnrichment

Updated: 2025-08-25T15:00:50.686Z

cve-icon NVD

Status : Modified

Published: 2025-08-25T15:15:42.023

Modified: 2026-04-06T14:16:22.113

Link: CVE-2025-56216

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T22:30:28Z

Weaknesses