CVE-2024-56997

4.2 MEDIUM

📋 TL;DR

PHPGurukul Hospital Management System 4.0 contains a stored cross-site scripting (XSS) vulnerability in the doctor portal's email parameter. This allows attackers to inject malicious scripts that execute when legitimate users view the affected page. Hospital staff and administrators using the system are potentially affected.

💻 Affected Systems

Products:
  • PHPGurukul Hospital Management System
Versions: 4.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default installation. Requires access to the doctor portal interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies (where the session cookie is not marked HttpOnly), redirect users to malicious sites, perform actions on behalf of whichever authenticated user views the injected content, or, if an administrator views it, compromise the administrator account, leading to full takeover of the application.

🟠 Likely Case

Session hijacking, credential theft, or defacement of the doctor portal interface affecting multiple users who view the malicious content.

🟢 If Mitigated

With output encoding applied at every point where the stored value is rendered, the payload displays as literal text and has no effect. A CSP alone blocks script execution in browsers that enforce it but leaves the payload in the database, so the stored record still has to be cleaned up.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires access to doctor portal (authenticated). Public proof-of-concept demonstrates stored XSS via email parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Validate the email parameter server-side in /doctor/index.php and HTML-encode the stored value everywhere it is rendered: a stored payload executes at the point of output, so encoding only on the input page leaves any other view of the same value exposed.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platforms: all

Add server-side validation so that only a syntactically valid email address is accepted before the value is processed or stored.

In /doctor/index.php, reject the value unless it passes filter_var($email, FILTER_VALIDATE_EMAIL), and HTML-encode it with htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') at every point where it is echoed into a page. Two caveats: encoding belongs at output, not at storage (a value encoded before it is stored is double-encoded on display and still unsafe in non-HTML contexts), and PHP's email filter accepts RFC quoted local parts such as "<script>"@example.com, so validation narrows the input but does not replace output encoding.

Content Security Policy

Platforms: all

Implement CSP headers to restrict script execution.

Add header("Content-Security-Policy: default-src 'self'") before any output is sent in the affected PHP files. Without 'unsafe-inline' this blocks inline <script> blocks and on*= event handlers, which is what a stored XSS payload relies on, but it also breaks any inline scripts and CDN-hosted resources the application itself uses; deploy it as Content-Security-Policy-Report-Only first and review the reports before enforcing.
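As an added example (not code from PHPGurukul or from this advisory), the following PHP contrasts the unsafe echo pattern behind this class of bug with the validation, output-encoding and CSP steps above. The HTML fragment, the field and function names, and the demonstration payload are assumptions; only /doctor/index.php and the email parameter come from the advisory.

```php
<?php
declare(strict_types=1);

// Added example, not code from PHPGurukul HMS. It shows the unsafe pattern
// behind the stored XSS next to a hardened version. The HTML fragment and the
// variable/function names are assumptions; /doctor/index.php is the file the
// advisory names.

// Unsafe: the attacker-controlled value is interpolated into HTML verbatim, so
// a payload such as "><script>... breaks out of the attribute and runs in the
// browser of whoever views the page.
function render_email_unsafe(string $email): string
{
    return '<input type="text" name="email" value="' . $email . '">';
}

// Server-side validation. Returns the trimmed address, or null to reject it.
function validate_email(string $email): ?string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL accepts RFC quoted local parts, and
    // "<script>"@example.com is a syntactically valid address. Restrict the
    // local part to the unquoted dot-atom form so markup cannot pass validation.
    if (!preg_match('/^[A-Za-z0-9!#$%&\'*+\/=?^_`{|}~.-]+@[A-Za-z0-9.-]+$/', $email)) {
        return null;
    }
    return $email;
}

// Output encoding. ENT_QUOTES also encodes single quotes, which matters when the
// value lands inside a quoted attribute; ENT_SUBSTITUTE keeps invalid UTF-8 from
// silently turning the whole output into an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: encode at the point of output. Apply h() wherever the stored value
// is echoed, not only in /doctor/index.php, since stored XSS fires on display.
function render_email_safe(string $email): string
{
    return '<input type="text" name="email" value="' . h($email) . '">';
}

// Defence in depth. Call before any output is sent. default-src 'self' without
// 'unsafe-inline' blocks inline <script> and on*= handlers, including any the
// application itself uses, so deploy in report-only mode first.
function send_csp(bool $enforce): void
{
    $name = $enforce ? 'Content-Security-Policy' : 'Content-Security-Policy-Report-Only';
    header($name . ": default-src 'self'; object-src 'none'; base-uri 'self'");
}

// Demonstration with a constructed payload: the unsafe render leaks the raw
// markup into the attribute, the safe render emits only entity-encoded text.
$payload = '"><script>alert(1)</script>';
echo "unsafe: ", render_email_unsafe($payload), "\n";
echo "safe:   ", render_email_safe($payload), "\n";
foreach (['doctor@example.org', $payload, '"<script>"@example.com'] as $candidate) {
    echo str_pad($candidate, 32), validate_email($candidate) === null ? 'rejected' : 'accepted', "\n";
}
```

Run it from the command line with php to compare the two renderings; the safe output is also what the "Verify Fix Applied" check below should see in the page source. The extra dot-atom check in validate_email() is there because filter_var() alone would admit the quoted-local-part form, which is why output encoding remains the primary control.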

🧯 If You Can't Patch

  • Restrict access to the doctor portal to trusted IP addresses only
  • Implement web application firewall (WAF) rules to block XSS payloads; match on decoded, case-normalized input, since rules keyed to the literal string "<script>" are trivially bypassed with %3Cscript%3E or mixed case
  • Set session.cookie_httponly=1 (and session.cookie_secure=1 where TLS is used) in php.ini so an injected script cannot read the session cookie; this limits cookie theft but not actions the script performs from inside the victim's session

🔍 How to Verify

Check if Vulnerable:

On a test copy of the application, submit a benign payload such as <script>alert('XSS')</script> in the email field of /doctor/index.php, then open that page and, because the injection is stored, any other page that displays the submitted value, and check whether the dialog fires. In the page source a vulnerable install emits the raw <script> tag; a fixed one emits &lt;script&gt;.

Check Version:

Check the version string in the admin panel or in the README shipped with the installation; 4.0 is the version named in this advisory.

Verify Fix Applied:

Attempt the same XSS payload and confirm that it is rendered as literal text (the page source shows &lt;script&gt;, not <script>) and does not execute. Then delete any payload left in the database from the earlier test: output encoding neutralizes the display but does not clean stored records.

📡 Detection & Monitoring

Log Indicators:

  • Unusual email entries containing script tags or JavaScript code
  • Multiple failed login attempts to doctor portal

Network Indicators:

  • HTTP requests to /doctor/index.php carrying script tags, on*= event-handler attributes or javascript: URIs in POST parameters (visible only where the WAF, reverse proxy or application logs request bodies; a standard access log records the request line alone)
  • Unusual outbound connections from staff workstations after viewing the doctor portal, which is where an injected script would exfiltrate session cookies or form data

SIEM Query:

source="web_logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=") AND uri_path="/doctor/index.php"

This matches literal strings only. Payloads are routinely URL-encoded (%3Cscript%3E) or mixed-case, so either decode and lower-case the field before matching or add the encoded forms to the term list.
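As an added example (not from the advisory or any vendor tooling), the same detection logic in PHP applied to constructed access-log lines, with percent-decoding and entity-decoding added so that encoded, double-encoded and mixed-case payloads are not missed. The patterns, path constant and sample lines are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not part of the advisory. It applies the SIEM query's logic
// to raw access-log lines, adding the normalization the literal query lacks:
// payloads usually arrive URL-encoded (%3Cscript%3E), sometimes double-encoded,
// and in mixed case. The log lines below are constructed.

const TARGET_PATH = '/doctor/index.php';

const XSS_PATTERNS = [
    '/<\s*script\b/i',
    '/javascript\s*:/i',
    '/\bon[a-z]+\s*=/i',                       // onerror=, onload=, onmouseover= ...
    '/<\s*(img|svg|iframe|object|embed)\b/i',
];

// Percent-decode until the string stops changing (bounded), then resolve HTML
// entities, so &lt;script&gt; and %253Cscript%253E both become <script>.
function normalize(string $s): string
{
    for ($i = 0; $i < 3; $i++) {
        $decoded = rawurldecode($s);
        if ($decoded === $s) {
            break;
        }
        $s = $decoded;
    }
    return html_entity_decode($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Returns the first matching pattern for a request to the doctor portal, or
// null when the line is clean or targets another path.
function match_line(string $line): ?string
{
    if (strpos($line, TARGET_PATH) === false) {
        return null;
    }
    $normalized = normalize($line);
    foreach (XSS_PATTERNS as $pattern) {
        if (preg_match($pattern, $normalized) === 1) {
            return $pattern;
        }
    }
    return null;
}

// Constructed Apache combined-format lines. A standard access log records only
// the request line, so a payload submitted in a POST body never appears here;
// catching that case needs WAF, reverse-proxy or application logging of bodies.
$sample = [
    '203.0.113.5 - - [12/Jan/2025:10:14:02 +0000] "POST /doctor/index.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Jan/2025:10:15:41 +0000] "GET /doctor/index.php?email=%3CsCrIpT%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Jan/2025:10:16:09 +0000] "GET /doctor/index.php?email=%2522%2520onerror%253Dalert(1) HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jan/2025:10:17:30 +0000] "GET /hms/index.php?q=%3Cscript%3E HTTP/1.1" 200 3150 "-" "curl/8.0"',
];

foreach ($sample as $line) {
    $hit = match_line($line);
    echo $hit === null ? 'clean ' : 'ALERT ', $hit ?? '', "\t", $line, "\n";
}
```

The second sample line is mixed-case and single-encoded, the third is double-encoded; a literal match on "<script>" or "onerror=" catches neither, which is the point of normalizing before matching. The fourth line carries a payload but not against the doctor portal, and is reported as clean because the check is scoped to TARGET_PATH the way the SIEM query is scoped to uri_path.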

🔗 References
