5 matches found
CVE-2020-23829
interface/new/newcomprehensivesave.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image...
CVE-2018-1000839
LH-EHR version REL-200 contains an Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appears to be exploitable via uploading a PHP file with image MIME type...
CVE-2025-1572
The CVE-2025-1572 entry concerns KiviCare – Clinic & Patient Management System (EHR) WordPress plugin (versions
CVE-2024-11729 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Injection
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'servicelist0serviceid' parameter of the getwidgetpaymentoptions AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user-supplied parameter an...
CVE-2024-11728 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visittypeserviceid' parameter of the taxcalculateddata AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user-supplied parameter and lack of...