Lucene search
K

25 matches found

Patchstack
Patchstack
added 2026/01/23 7:43 a.m.8 views

WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary File Upload vulnerability

WordPress KiviCare - Clinic & Patient Management System EHR plugin = 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary File Upload vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin KiviCare versions = 3.6.15...

5.3CVSS5.5AI score0.003EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2025/05/22 12:0 a.m.102 views

📄 Clinic's Patient Management System 1.0 SQL Injection / Remote Code Execution

This Metasploit module exploits an SQL injection vulnerability in the login portal, allowing an attacker to log in as an admin. Next, it allows the attacker to upload malicious files through user modification to achieve remote code execution. This module requires Metasploit:...

9.8CVSS8.9AI score0.19373EPSS
Exploits8
Cvelist
Cvelist
added 2025/04/01 6:24 p.m.39 views

CVE-2025-3096 Clinics Patient Management System SQL Injection

Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page...

9.3CVSS0.01376EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2025/04/01 6:24 p.m.9 views

CVE-2025-3096 Clinics Patient Management System SQL Injection

Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page...

9.3CVSS8.1AI score0.03271EPSS
Exploits4References2
CVE
CVE
added 2025/04/01 6:24 p.m.81 views

CVE-2025-3096

Clinic’s Patient Management System 2.0 is described as having a SQL injection in the login page. The connected PacketStorm item documents a proof-of-concept combining SQL injection authentication bypass with an unrestricted file upload to achieve full compromise, i.e., unauthenticated access and ...

9.3CVSS8.1AI score0.03271EPSS
Exploits4References2
CNNVD
CNNVD
added 2025/02/28 12:0 a.m.3 views

WordPress plugin KiviCare – Clinic & Patient Management System (EHR) SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

8.8CVSS8.8AI score0.00486EPSS
Exploits0References7
Rapid7 Blog
Rapid7 Blog
added 2025/01/10 7:46 p.m.19 views

Metasploit Wrap-Up 01/10/2025

New module content 5 OneDev Unauthenticated Arbitrary File Read Authors: Siebene and vultza Type: Auxiliary Pull request: 19614 contributed by vultza Path: gather/onedevarbitraryfileread AttackerKB reference: CVE-2024-45309 Description: This adds an exploit module for an unauthenticated arbitrary...

8.7CVSS9.7AI score0.24822EPSS
Exploits8
Metasploit
Metasploit
added 2024/12/18 6:57 p.m.482 views

Clinic's Patient Management System 1.0 - Unauthenticated RCE

This module exploits an unauthenticated file upload vulnerability in Clinic's Patient Management System 1.0. An attacker can upload a PHP web shell and execute it by leveraging directory listing enabled on the /pms/userimages directory. Module Options msf use...

9.8CVSS8.6AI score0.19373EPSS
Exploits6
CNNVD
CNNVD
added 2023/02/25 12:0 a.m.6 views

Clinic’s Patient Management System SQL注入漏洞

Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A SQL injection vulnerability exists in Clinic's Patient Management System version 1.0, which stems from an incorrect manipulation of the parameter userid that can lead to sql injection...

8.8CVSS7.1AI score0.007EPSS
Exploits1References4
OSV
OSV
added 2022/10/31 4:15 p.m.2 views

CVE-2022-40471

Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php...

9.8CVSS6AI score0.19373EPSS
Exploits6References3
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.7 views

Clinic’s Patient Management System SQL注入漏洞

Clinic's Patient Management System is a patient management system for Carlo Montero's clinics. A SQL injection vulnerability exists in Clinic's Patient Management System version 1.0 due to unknown functionality in the index.php file of the component Login, where manipulation of the parameter...

9.8CVSS8.3AI score0.00659EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.4 views

Clinic’s Patient Management System SQL注入漏洞

Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A SQL injection vulnerability exists in Clinic's Patient Management System version 1.0, which stems from some unknown functionality in the file drugdetails.php, where the operation of argument medicin...

9.8CVSS8.4AI score0.00654EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/02 12:0 a.m.5 views

PT-2022-23503 · Unknown · Clinic'S Patient Management System

Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: A SQL injection issue was found in the system, specifically via the id parameter at the "/pms/update patient.php" API endpoint. Recommendations: For Clinic's Patient Management Syste...

9.8CVSS7.9AI score0.00642EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.3 views

PT-2022-23272 · Unknown · Clinic'S Patient Management System

Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: The issue is related to Cross Site Scripting XSS via the patients.php file. This means that an attacker could potentially inject malicious scripts into the website, which could then ...

6.1CVSS5.7AI score0.00496EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/08/21 12:0 a.m.4 views

Clinic’s Patient Management System 跨站脚本漏洞

Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A security vulnerability exists in Clinic's Patient Management System version v1.0, which stems from a cross-site scripting XSS vulnerability in patient.php...

6.1CVSS5.8AI score0.00496EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/08/17 6:15 p.m.2 views

CVE-2022-35117

Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via updatemedicinedetails.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical...

4.8CVSS6AI score0.00479EPSS
Exploits1References2
OSV
OSV
added 2022/08/17 6:15 p.m.4 views

CVE-2022-35117

Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via updatemedicinedetails.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical...

4.8CVSS5.9AI score0.00479EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/08/17 12:0 a.m.4 views

Clinic’s Patient Management System 跨站脚本漏洞

Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A security vulnerability exists in Clinic's Patient Management System version v1.0, which originates from a cross-site scripting XSS vulnerability contained via updatemedicinedetails.php that allows a...

4.8CVSS5.5AI score0.00479EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.3 views

Clinic‘s Patient Management System SQL注入漏洞

Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A security vulnerability exists in Clinic's Patient Management System v1.0, which can be exploited to construct special strings for SQL injection...

9.8CVSS8.5AI score0.00754EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/16 12:0 a.m.3 views

PT-2022-23271 · Unknown · Clinic'S Patient Management System

Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: The issue is related to SQL Injection via the "/pms/update medicine.php?id=" endpoint. This allows for potential manipulation of database queries using the id variable...

9.8CVSS7.7AI score0.00754EPSS
Exploits0References4
Rows per page
Query Builder