CVE-2025-50370

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-50370
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/1h3ll/CVEs/blob/main/CSRF-ReadEnquiry_Medicalcard_Generations_System.md Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:anujk305:medical_card_generation_system:1.0:*:*:*:*:*:*:*
History

01 Jul 2025, 18:13

Type Values Removed Values Added
First Time Anujk305 medical Card Generation System
Anujk305
CPE cpe:2.3:a:anujk305:medical_card_generation_system:1.0:*:*:*:*:*:*:*
References () https://github.com/1h3ll/CVEs/blob/main/CSRF-ReadEnquiry_Medicalcard_Generations_System.md - () https://github.com/1h3ll/CVEs/blob/main/CSRF-ReadEnquiry_Medicalcard_Generations_System.md - Broken Link

30 Jun 2025, 18:38

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de Cross Site Request Forgery (CSRF) en la función de gestión de consultas /mcgs/admin/readenq.php de Phpgurukul Medical Card Generation System 1.0. El endpoint vulnerable permite a un administrador autenticado eliminar registros de consultas mediante una simple solicitud GET, sin necesidad de un token CSRF ni de validar el origen de la solicitud.

27 Jun 2025, 20:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CWE CWE-352

27 Jun 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-27 16:15

Updated : 2025-07-01 18:13

NVD link : CVE-2025-50370

Mitre link : CVE-2025-50370

CVE.ORG link : CVE-2025-50370

JSON object : View

Products Affected

anujk305

  • medical_card_generation_system
CWE
CWE-352

Cross-Site Request Forgery (CSRF)