Remote Clinic Security Vulnerabilities and Issues — Remote Clinic CVE List

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php

5.4CVSS5.3AI score0.00148EPSS

Web

CVE•added 2021/04/21 4:15 p.m.•55 views

CVE-2021-31329

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php

5.4CVSS5.4AI score0.0037EPSS

Web

CVE•added 2023/11/07 3:15 p.m.•50 views

CVE-2023-33479

RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.

9.8CVSS9.6AI score0.00352EPSS

CVE•added 2021/04/21 4:15 p.m.•43 views

CVE-2021-31327

Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.

5.4CVSS5.2AI score0.0037EPSS

CVE•added 2021/11/05 4:15 p.m.•33 views

CVE-2021-39416

Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a...

6.1CVSS6.2AI score0.00595EPSS

Web

CVE•added 2023/11/07 3:15 p.m.•30 views

CVE-2023-33478

RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.

9.8CVSS9.7AI score0.00352EPSS

Web

CVE•added 2023/01/20 7:15 p.m.•28 views

CVE-2022-48152

SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php.

9.8CVSS9.9AI score0.00069EPSS

Web

CVE•added 2023/11/07 3:15 p.m.•26 views

CVE-2023-33480

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input val...

8.8CVSS9.1AI score0.05116EPSS

Web

CVE•added 2023/11/07 3:15 p.m.•25 views

CVE-2023-33481

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php.

9.8CVSS9.7AI score0.00352EPSS

Web

CVE•added 2025/09/01 11:15 a.m.•6 views

CVE-2025-9774

A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and...

5.3CVSS4.8AI score0.00027EPSS

Web

CVE•added 2025/09/01 10:15 a.m.•5 views

CVE-2025-9772

A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only af...

9.8CVSS7.3AI score0.0004EPSS

Web

CVE•added 2025/09/01 10:15 a.m.•5 views

CVE-2025-9773

A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.

6.1CVSS4AI score0.00028EPSS

Web

CVE•added 2025/09/01 11:15 a.m.•5 views

CVE-2025-9775

A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.

9.8CVSS7.2AI score0.0004EPSS

Web