{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-56216", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T13:30:26.017Z", "dateReserved": "2025-08-16T00:00:00.000Z", "datePublished": "2025-08-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T13:30:26.017Z"}, "descriptions": [{"lang": "en", "value": "phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://doc.clickup.com/3897127/p/h/3pxt7-11876/0a7da72fe66f76a"}, {"url": "https://github.com/hptcybersecurity/CVE/blob/main/CVE-2025-56216.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-25T14:58:42.386116Z", "id": "CVE-2025-56216", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T15:04:52.492Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-56216", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-25T14:58:42.386116Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T15:00:50.686Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://doc.clickup.com/3897127/p/h/3pxt7-11876/0a7da72fe66f76a"}, {"url": "https://github.com/hptcybersecurity/CVE/blob/main/CVE-2025-56216.md"}], "descriptions": [{"lang": "en", "value": "phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T13:30:26.017Z"}}}, "cveMetadata": {"cveId": "CVE-2025-56216", "state": "PUBLISHED", "dateUpdated": "2026-04-06T13:30:26.017Z", "dateReserved": "2025-08-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-08-25T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter."}, {"lang": "es", "value": "phpgurukul Hospital Management System 4.0 es vulnerable a una inyecci\u00f3n SQL en about-us.php a trav\u00e9s del par\u00e1metro pagetitle."}], "id": "CVE-2025-56216", "lastModified": "2026-04-06T14:16:22.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-08-25T15:15:42.023", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://doc.clickup.com/3897127/p/h/3pxt7-11876/0a7da72fe66f76a"}, {"source": "cve@mitre.org", "url": "https://github.com/hptcybersecurity/CVE/blob/main/CVE-2025-56216.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T22:21:37.514377+00:00", "value": {"mitigation_remediation": ["Apply the official patch or upgrade PHPgurukul Hospital Management System to the latest version that resolves the SQL injection flaw.", "Sanitize or validate the pagetitle parameter on the server side before it is used in any database query, ensuring only legitimate input is accepted.", "Review Web Application Firewall or input filtering rules to block suspicious SQL patterns and monitor access logs for anomalous activity related to about\u2011us.php."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized database access with potential data breach or modification"}, "threat_synthesis": {"affected_systems": "PHPGurukul Hospital Management System version 4.0 is affected. No other versions or products are listed as impacted.", "description_and_impact": "The vulnerability in PHPgurukul Hospital Management System 4.0 allows an attacker to inject arbitrary SQL when the pagetitle parameter is passed to about\u2011us.php. The flaw can be used to read sensitive patient records, alter data, or delete database entries, thereby compromising confidentiality, integrity, and possibly availability of the hospital\u2019s information system.", "risk_and_exploitability": "The vulnerability scores 8.5 on the CVSS scale, indicating high severity. Its EPSS score is below 1%, suggesting that, at present, exploitation is unlikely, and it is not listed in the CISA KEV catalog. Nonetheless, an attacker could exploit the vulnerability via a web request to about\u2011us.php, possibly by manipulating the pagetitle query string or POST data, to execute arbitrary SQL commands against the backend database."}}}}, "created": "2025-08-25T21:53:04.980351+00:00", "title": "Hospital Management System SQL Injection via pagetitle Parameter", "updated": "2026-04-22T22:30:28.827595+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$hospital_management_system"]}