Remote Clinic
by Remoteclinic
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9775 | Hig | 0.47 | 7.3 | 0.00 | Sep 1, 2025 | A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be… | ||
| CVE-2025-9772 | Hig | 0.47 | 7.3 | 0.00 | Sep 1, 2025 | A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This… | ||
| CVE-2025-9802 | Med | 0.31 | 4.7 | 0.00 | Sep 2, 2025 | A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. | ||
| CVE-2025-9773 | Med | 0.28 | 4.3 | 0.00 | Sep 1, 2025 | A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be… | ||
| CVE-2021-31327 | 0.03 | — | 0.02 | Apr 21, 2021 | Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field. | |||
| CVE-2021-31329 | 0.03 | — | 0.02 | Apr 21, 2021 | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php | |||
| CVE-2021-30030 | 0.03 | — | 0.02 | Apr 12, 2021 | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. | |||
| CVE-2021-30034 | 0.03 | — | 0.02 | Apr 12, 2021 | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. | |||
| CVE-2021-30042 | 0.03 | — | 0.02 | Apr 12, 2021 | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php | |||
| CVE-2023-33480 | 0.01 | — | 0.02 | Nov 7, 2023 | RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by… | |||
| CVE-2025-9774 | 0.00 | — | 0.00 | Sep 1, 2025 | A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2023-33479 | 0.00 | — | 0.01 | Nov 7, 2023 | RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. | |||
| CVE-2023-33478 | 0.00 | — | 0.01 | Nov 7, 2023 | RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. | |||
| CVE-2023-33481 | 0.00 | — | 0.01 | Nov 7, 2023 | RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php. | |||
| CVE-2022-48152 | 0.00 | — | 0.01 | Jan 20, 2023 | SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php. |
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely.
- risk 0.28cvss 4.3epss 0.00
A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be…
- CVE-2021-31327Apr 21, 2021risk 0.03cvss —epss 0.02
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.
- CVE-2021-31329Apr 21, 2021risk 0.03cvss —epss 0.02
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php
- CVE-2021-30030Apr 12, 2021risk 0.03cvss —epss 0.02
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.
- CVE-2021-30034Apr 12, 2021risk 0.03cvss —epss 0.02
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.
- CVE-2021-30042Apr 12, 2021risk 0.03cvss —epss 0.02
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php
- CVE-2023-33480Nov 7, 2023risk 0.01cvss —epss 0.02
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by…
- CVE-2025-9774Sep 1, 2025risk 0.00cvss —epss 0.00
A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been…
- CVE-2023-33479Nov 7, 2023risk 0.00cvss —epss 0.01
RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.
- CVE-2023-33478Nov 7, 2023risk 0.00cvss —epss 0.01
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.
- CVE-2023-33481Nov 7, 2023risk 0.00cvss —epss 0.01
RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php.
- CVE-2022-48152Jan 20, 2023risk 0.00cvss —epss 0.01
SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php.