CVE-2020-5191

MEDIUM NUCLEI

PHPGurukul Hospital Management System 4.0 - Stored Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-5191. PoCs published by FULLSHADE. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates a persistent XSS vulnerability in Hospital Management System 4.0 via the 'doctorspecilization' parameter. The payload is injected via a POST request and stored in the application, triggering when viewed.

Description

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.

Exploits (1)

exploitdb WORKING POC VERIFIED
by FULLSHADE · text · webapps · php
https://www.exploit-db.com/exploits/47841


Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Hospital Management System v4.0
Auth required
Prerequisites: Access to the admin panel · Valid session cookie (PHPSESSID)
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

PHPGurukul Hospital Management System - Cross-Site Scripting
MEDIUM · VERIFIED · by TenBird
Shodan: http.html:"hospital management system"
FOFA: body="hospital management system"

References (2)

Core References
Product, Vendor Advisory x_refsource_misc
https://phpgurukul.com/hospital-management-system-in-php/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/47841

Scores

CVSS v3 6.1
EPSS 0.0552
EPSS Percentile 91.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
phpgurukul/hospital_management_system 4.0
Published Jan 06, 2020
Tracked Since Feb 18, 2026