26 matches found
EUVD-2022-50863
Malicious code in bioql PyPI...
EUVD-2023-37641
Malicious code in bioql PyPI...
CVE-2025-9802
A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
CVE-2023-33481
RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...
CVE-2023-33478
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php...
CVE-2023-33481
RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
Sql injection
RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...
Sql injection
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php...
Design/Logic Flaw
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
CVE-2023-33478
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
CVE-2023-33478
RemoteClinic 2.0 is affected by a SQL injection in the ID parameter of /medicines/stocks.php. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE entries) with CVSS v3.1 base score 9.8 (CRITICAL) and an attack vector of NETWORK, requiring no privileges or user interaction. Th...
CVE-2023-33481
RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...
CVE-2023-33481
RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...
CVE-2023-33478
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
CVE-2023-33480
CVE-2023-33480 affects RemoteClinic 2.0. The issue stems from lack of input validation and access control in staff/register.php and edit-my-profile.php, enabling remote attackers with low-privileged credentials to create admin users, escalate privileges, upload PHP code, and execute commands via ...
Sql injection
SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php...