{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-56212", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T13:27:17.121Z", "dateReserved": "2025-08-16T00:00:00.000Z", "datePublished": "2025-08-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T13:27:17.121Z"}, "descriptions": [{"lang": "en", "value": "phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://doc.clickup.com/3897127/p/h/3pxt7-11896/20b47e0ff9d894d"}, {"url": "https://github.com/hptcybersecurity/CVE/blob/main/CVE-2025-56212.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-26T13:35:47.203969Z", "id": "CVE-2025-56212", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-26T13:37:12.849Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-56212", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-26T13:35:47.203969Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-26T13:36:51.637Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://doc.clickup.com/3897127/p/h/3pxt7-11896/20b47e0ff9d894d"}, {"url": "https://github.com/hptcybersecurity/CVE/blob/main/CVE-2025-56212.md"}], "descriptions": [{"lang": "en", "value": "phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T13:27:17.121Z"}}}, "cveMetadata": {"cveId": "CVE-2025-56212", "state": "PUBLISHED", "dateUpdated": "2026-04-06T13:27:17.121Z", "dateReserved": "2025-08-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-08-25T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter."}, {"lang": "es", "value": "phpgurukul Hospital Management System 4.0 es vulnerable a la inyecci\u00f3n SQL en add-doctor.php a trav\u00e9s del par\u00e1metro docname."}], "id": "CVE-2025-56212", "lastModified": "2026-04-06T14:16:21.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-08-25T15:15:41.590", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://doc.clickup.com/3897127/p/h/3pxt7-11896/20b47e0ff9d894d"}, {"source": "cve@mitre.org", "url": "https://github.com/hptcybersecurity/CVE/blob/main/CVE-2025-56212.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T10:52:47.596481+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched version of PHPGurukul Hospital Management System that removes the SQL injection vulnerability.", "Modify the add-doctor.php code to use prepared statements or parameterized queries for the docname input, rejecting untrusted data.", "Configure the database account used by the web application with the least privileges necessary, preventing broad data manipulation."], "summary": {"action": "Patch Immediately", "impact": "Data Breach via SQL Injection in Hospital Management System"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in PHPGurukul Hospital Management System version 4.0; the affected component is add-doctor.php, accessed through the docname parameter. No other products or versions are listed as affected.", "description_and_impact": "A vulnerable parameter in the add-doctor.php page allows an attacker to inject arbitrary SQL statements. This flaw can expose patient records, modify or delete database entries, and potentially compromise the integrity of the entire system. The impact is a direct loss of confidentiality and integrity for sensitive healthcare data.", "risk_and_exploitability": "The CVSS score of 9.8 marks the flaw as critical, indicating high potential impact. The EPSS score of <1% suggests a low current likelihood of exploitation, and the vulnerability is not yet catalogued in CISA KEV. Based on the description, it is inferred that attackers could exploit the flaw by sending a crafted HTTP request to add-doctor.php, provided they can reach the web application and supply a malicious payload."}}}}, "created": "2025-08-25T21:53:02.863857+00:00", "title": "SQL Injection in Hospital Management System's Doctor Addition Feature", "updated": "2026-04-28T11:00:14.153409+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$hospital_management_system"]}