VYPR

Remote Clinic

by Remoteclinic

CVEs (15)

  • CVE-2025-9775HigSep 1, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be…

  • CVE-2025-9772HigSep 1, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This…

  • CVE-2025-9802MedSep 2, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely.

  • CVE-2025-9773MedSep 1, 2025
    risk 0.28cvss 4.3epss 0.00

    A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be…

  • CVE-2021-31327Apr 21, 2021
    risk 0.03cvss epss 0.02

    Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.

  • CVE-2021-31329Apr 21, 2021
    risk 0.03cvss epss 0.02

    Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php

  • CVE-2021-30030Apr 12, 2021
    risk 0.03cvss epss 0.02

    Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.

  • CVE-2021-30034Apr 12, 2021
    risk 0.03cvss epss 0.02

    Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.

  • CVE-2021-30042Apr 12, 2021
    risk 0.03cvss epss 0.02

    Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php

  • CVE-2023-33480Nov 7, 2023
    risk 0.01cvss epss 0.02

    RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by…

  • CVE-2025-9774Sep 1, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been…

  • CVE-2023-33479Nov 7, 2023
    risk 0.00cvss epss 0.01

    RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.

  • CVE-2023-33478Nov 7, 2023
    risk 0.00cvss epss 0.01

    RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.

  • CVE-2023-33481Nov 7, 2023
    risk 0.00cvss epss 0.01

    RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php.

  • CVE-2022-48152Jan 20, 2023
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php.