25 matches found
WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary File Upload vulnerability
WordPress KiviCare - Clinic & Patient Management System EHR plugin = 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary File Upload vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin KiviCare versions = 3.6.15...
📄 Clinic's Patient Management System 1.0 SQL Injection / Remote Code Execution
This Metasploit module exploits an SQL injection vulnerability in the login portal, allowing an attacker to log in as an admin. Next, it allows the attacker to upload malicious files through user modification to achieve remote code execution. This module requires Metasploit:...
CVE-2025-3096 Clinics Patient Management System SQL Injection
Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page...
CVE-2025-3096 Clinics Patient Management System SQL Injection
Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page...
CVE-2025-3096
Clinic’s Patient Management System 2.0 is described as having a SQL injection in the login page. The connected PacketStorm item documents a proof-of-concept combining SQL injection authentication bypass with an unrestricted file upload to achieve full compromise, i.e., unauthenticated access and ...
WordPress plugin KiviCare – Clinic & Patient Management System (EHR) SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
Metasploit Wrap-Up 01/10/2025
New module content 5 OneDev Unauthenticated Arbitrary File Read Authors: Siebene and vultza Type: Auxiliary Pull request: 19614 contributed by vultza Path: gather/onedevarbitraryfileread AttackerKB reference: CVE-2024-45309 Description: This adds an exploit module for an unauthenticated arbitrary...
Clinic's Patient Management System 1.0 - Unauthenticated RCE
This module exploits an unauthenticated file upload vulnerability in Clinic's Patient Management System 1.0. An attacker can upload a PHP web shell and execute it by leveraging directory listing enabled on the /pms/userimages directory. Module Options msf use...
Clinic’s Patient Management System SQL注入漏洞
Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A SQL injection vulnerability exists in Clinic's Patient Management System version 1.0, which stems from an incorrect manipulation of the parameter userid that can lead to sql injection...
CVE-2022-40471
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php...
Clinic’s Patient Management System SQL注入漏洞
Clinic's Patient Management System is a patient management system for Carlo Montero's clinics. A SQL injection vulnerability exists in Clinic's Patient Management System version 1.0 due to unknown functionality in the index.php file of the component Login, where manipulation of the parameter...
Clinic’s Patient Management System SQL注入漏洞
Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A SQL injection vulnerability exists in Clinic's Patient Management System version 1.0, which stems from some unknown functionality in the file drugdetails.php, where the operation of argument medicin...
PT-2022-23503 · Unknown · Clinic'S Patient Management System
Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: A SQL injection issue was found in the system, specifically via the id parameter at the "/pms/update patient.php" API endpoint. Recommendations: For Clinic's Patient Management Syste...
PT-2022-23272 · Unknown · Clinic'S Patient Management System
Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: The issue is related to Cross Site Scripting XSS via the patients.php file. This means that an attacker could potentially inject malicious scripts into the website, which could then ...
Clinic’s Patient Management System 跨站脚本漏洞
Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A security vulnerability exists in Clinic's Patient Management System version v1.0, which stems from a cross-site scripting XSS vulnerability in patient.php...
CVE-2022-35117
Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via updatemedicinedetails.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical...
CVE-2022-35117
Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via updatemedicinedetails.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical...
Clinic’s Patient Management System 跨站脚本漏洞
Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A security vulnerability exists in Clinic's Patient Management System version v1.0, which originates from a cross-site scripting XSS vulnerability contained via updatemedicinedetails.php that allows a...
Clinic‘s Patient Management System SQL注入漏洞
Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A security vulnerability exists in Clinic's Patient Management System v1.0, which can be exploited to construct special strings for SQL injection...
PT-2022-23271 · Unknown · Clinic'S Patient Management System
Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: The issue is related to SQL Injection via the "/pms/update medicine.php?id=" endpoint. This allows for potential manipulation of database queries using the id variable...