CVE-2025-7604

EUVD-2025-21349 | HIGH 7.3 (CVSS 3.1)
Published 2025-07-14, reported by [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Mar 16, 2026 - 09:43 (vuln.today): Analysis Generated
Mar 16, 2026 - 09:43 (euvd): EUVD ID Assigned, EUVD-2025-21349
Jul 16, 2025 - 14:32 (vuln.today): PoC Detected, public exploit code
Jul 14, 2025 - 13:15 (nvd): CVE Published, HIGH 7.3

Description

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

PHPGurukul Hospital Management System 4.0 contains a critical SQL injection vulnerability in the /user-login.php file's Username parameter that allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, enabling unauthorized access to sensitive hospital patient data, user credentials, and potential system compromise. With a CVSS score of 7.3 and an attack vector requiring only network access and no authentication, this represents an immediate threat to healthcare organizations running affected versions.

Technical Context

The vulnerability is a classic SQL injection flaw (CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component) in a PHP-based hospital management web application. The /user-login.php endpoint fails to properly sanitize or parameterize user-supplied input in the Username parameter before incorporating it into SQL queries. This allows attackers to inject SQL metacharacters and commands that alter the query logic. PHPGurukul Hospital Management System 4.0 is a PHP application designed for hospital operations management; the affected version likely uses direct SQL query concatenation rather than prepared statements or parameterized queries. The technology stack involves PHP, likely a MySQL or similar relational database backend, and web-based authentication mechanisms.

Affected Products

PHPGurukul Hospital Management System version 4.0 is the confirmed affected version. The vulnerability specifically impacts the /user-login.php file. No CPE strings were provided in the source data, but the affected product can be identified as: 'PHPGurukul Hospital Management System' (vendor: PHPGurukul/Open Source, product: Hospital Management System, version: 4.0). Healthcare organizations deploying this open-source system are at risk. Affected configurations include default installations where the /user-login.php endpoint is exposed to network access without additional authentication layers or WAF protections.

Remediation

Immediate Actions:
(1) Patch/Upgrade - Update PHPGurukul Hospital Management System to version 5.0 or later if available; verify patch availability from PHPGurukul official repositories or GitHub.
(2) If no patch is available - Implement prepared statements with parameterized queries for all database operations in /user-login.php, replacing direct SQL concatenation.
(3) Input Validation - Implement strict whitelist validation on the Username parameter (alphanumeric only, maximum length enforcement).
(4) Web Application Firewall - Deploy WAF rules blocking common SQL injection payloads (single quotes, SQL keywords like UNION, OR 1=1).
(5) Access Controls - Restrict network access to /user-login.php to expected user groups; use reverse proxy authentication.
(6) Database Hardening - Apply the principle of least privilege to the database user accounts used by the application; disable dangerous functions like exec() in PHP.
(7) Monitoring - Implement logging and alerting for failed SQL queries and suspicious authentication attempts.
The vendor advisory should be checked at PHPGurukul's official channels or GitHub repository for official patch status.
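As an added illustration of items (2), (3), (6) and (7) above (this is not PHPGurukul's code; the concatenated query is a hypothetical reconstruction of the flaw class, not the actual /user-login.php source, and the table and column names are constructed), a login lookup in its concatenated form beside a hardened version using a whitelist on Username and a PDO prepared statement:

```php
<?php
// Added example, not PHPGurukul's code. Assumes a `users` table with
// `id`, `username` and `password_hash` columns (constructed names).

// Item (6): connect as a least-privilege account that can only read/write the
// application's own tables; disable emulated prepares so MySQL does the binding.
$pdo = new PDO('mysql:host=localhost;dbname=hms;charset=utf8mb4', 'hms_app', 'CHANGEME', [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);

// Hypothetical reconstruction of the vulnerable pattern described in the analysis:
// the Username value becomes part of the SQL text, so a quote in the input
// changes the query structure instead of being treated as data.
function lookupUserVulnerable(PDO $pdo, string $username): ?array {
    $sql = "SELECT id, password_hash FROM users WHERE username = '" . $username . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Item (3): strict whitelist, alphanumeric/underscore, length-capped.
function validateUsername(string $username): bool {
    return (bool) preg_match('/^[A-Za-z0-9_]{1,32}$/', $username);
}

// Item (2): prepared statement; the value is bound as data and cannot alter the query.
function lookupUserSafe(PDO $pdo, string $username): ?array {
    if (!validateUsername($username)) {
        return null;                       // reject before touching the database
    }
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Password is verified in PHP, never compared inside SQL. Item (7): failed
// attempts are logged with the (truncated) username and source address.
function login(PDO $pdo, string $username, string $password): bool {
    $row = lookupUserSafe($pdo, $username);
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        error_log(sprintf('failed login username=%s src=%s',
            substr($username, 0, 32), $_SERVER['REMOTE_ADDR'] ?? 'cli'));
        return false;
    }
    return true;
}
```

The same `validateUsername` regex doubles as the rule a WAF or reverse proxy can enforce for item (4) in front of the endpoint.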

Priority Score

57 (KEV: 0, EPSS: +0.0, CVSS: +36, POC: +20)


CVE-2025-7604 vulnerability details – vuln.today
