Phpgurukul Medical Card Generation System Cross-Site Request Forgery Vulnerability in Inquiry Management
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Inquiry Management feature of Phpgurukul Medical Card Generation System version 1.0. The issue resides in the admin inquiry reading endpoint, which allows authenticated administrators to delete inquiry records using a simple GET request. This action can be performed without a CSRF token or any validation of the request's origin.
Impact
Exploitation of this vulnerability allows inquiry records to be deleted without authorization through the session of an authenticated admin user.
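One way to close the gap described above, as an added example that is not Phpgurukul's code: a delete handler that refuses GET, validates the request origin and requires a per-session CSRF token. The field names `inquiry_id` and `csrf_token`, the trusted origin and the sample requests are assumptions constructed for illustration; the existing admin session check is assumed to run before this code.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Field names and origin are hypothetical.
const TRUSTED_ORIGIN = 'https://admin.example.test'; // constructed value

// One random token per session, rendered as a hidden field in the delete form.
function issue_csrf_token(array &$session): string
{
    $session['csrf_token'] ??= bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

// Returns [HTTP status, detail]; on 200 the detail is the validated record id.
function authorize_delete(string $method, array $headers, array $post, array $session): array
{
    // 1. A state-changing action must not be reachable through GET.
    if ($method !== 'POST') {
        return [405, 'method not allowed'];
    }
    // 2. Reject requests whose Origin header names another site.
    $origin = $headers['Origin'] ?? null;
    if ($origin !== null && $origin !== TRUSTED_ORIGIN) {
        return [403, 'origin rejected'];
    }
    // 3. Constant-time comparison of the submitted token with the session token.
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        return [403, 'csrf token rejected'];
    }
    // 4. Accept only a positive integer id; the caller passes it to a prepared DELETE.
    $id = filter_var($post['inquiry_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'invalid inquiry id'];
    }
    return [200, $id];
}

// Constructed sample requests, checked against one session.
$session = [];
$token = issue_csrf_token($session);
$cases = [
    'GET request'         => ['GET', [], []],
    'POST, foreign origin' => ['POST', ['Origin' => 'https://other.example.test'], ['inquiry_id' => '7']],
    'POST, missing token'  => ['POST', ['Origin' => TRUSTED_ORIGIN], ['inquiry_id' => '7']],
    'POST, valid token'    => ['POST', ['Origin' => TRUSTED_ORIGIN], ['inquiry_id' => '7', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $headers, $post]) {
    [$status, $detail] = authorize_delete($method, $headers, $post, $session);
    printf("%-22s -> %d %s\n", $label, $status, (string) $detail);
}
```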
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.8
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
