CVE-2025-70063
MED 6.5The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iterating the 'viewid' integer.
Affected Applications in Environment
12
php
v2:8.4+101~+ubuntu24.04.1+deb.sury.org+1
8 devices
php
v2:8.4+100~+ubuntu24.04.1+deb.sury.org+1
1 device
php
v5.4.16-48.el7
1 device
php
v2:7.4+75
3 devices
php
v2:8.4+101~+ubuntu22.04.1+deb.sury.org+1
1 device
php
v2:8.2+93
1 device
php
v1:7.0+35ubuntu6.1
1 device
php
v2:8.4+96+ubuntu20.04.1+deb.sury.org+1
1 device
php
v2:8.4+100~+ubuntu22.04.1+deb.sury.org+1
1 device
php
v2:8.1+92ubuntu1
1 device
php
v2:8.3+93ubuntu2
5 devices
php
v1:7.2+60ubuntu1
1 device
Affected Devices
25
aggietower
Linux
ah-ots
Linux
cceredcapweb
Linux
guru.cluster
Linux
kena-utility
Linux
my1
Linux
mysql02
Linux
privatebin
Linux
rcbd
Linux
rcdb-dev
Linux
redcapweb
Linux
sys-serv-l-301-data
Linux
web04a
Linux
web06
Linux
web08.usu.edu
Linux
web11.usu.edu
Linux
web13.usu.edu
Linux
web14.usu.edu
Linux
web20
Linux
web22
Linux
web28
Linux
web29.usu.edu
Linux
web30.usu.edu
Linux
web37.usu.edu
Linux
webs.usu.edu
Linux