Lucene search
K
RemoteclinicRemote Clinic

17 matches found

CVE
CVE
added 2021/04/12 11:6 p.m.100 views

CVE-2021-30039

CVE-2021-30039 affects Remote Clinic v2.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the web form fields at patients/register-report.php, specifically the Fever and Blood Pressure fields. Root cause: inadequate input validation/sanitization allowing script injection that can execu...

5.4CVSS5.3AI score0.01773EPSS
Web
CVE
CVE
added 2021/04/12 11:6 p.m.98 views

CVE-2021-30042

CVE-2021-30042 describes a stored XSS vulnerability in Remote Clinic v2.0 exploitable via the Clinic Name/Address/City/Contact fields on clinics/register.php. Multiple sources (NVD, Red Hat, CNVD, CVE List) confirm the issue and its impact to inject scripts. Public details do not provide a patche...

5.4CVSS5.3AI score0.01773EPSS
Web
CVE
CVE
added 2021/04/12 11:6 p.m.97 views

CVE-2021-30030

CVE-2021-30030 affects Remote Clinic v2.0. The vulnerability is a Cross-Site Scripting (XSS) in the Full Name field of register-patient.php, demonstrated as stored XSS (examples use payloads like XSS">

5.4CVSS5.3AI score0.01773EPSS
Web
CVE
CVE
added 2021/04/12 11:6 p.m.94 views

CVE-2021-30044

CVE-2021-30044 is a Cross-Site Scripting (XSS) vulnerability in Remote Clinic v2.0 exploitable via the First Name or Last Name field on staff/register.php. The connected sources confirm the affected product and entry details, including public exploit references and multiple security databases des...

5.4CVSS5.3AI score0.01773EPSS
Web
CVE
CVE
added 2021/04/12 11:6 p.m.93 views

CVE-2021-30034

Affected software: Remote Clinic UI v2.0 (Remote Clinic v2.0)\nVulnerability: Stored cross-site scripting (XSS) in the Symptoms field on patients/register-report.php, enabling injected script execution via user-provided input.\nRoot cause / vector: Malicious input stored in the Symptoms field is ...

5.4CVSS5.3AI score0.01773EPSS
Web
CVE
CVE
added 2021/04/21 3:25 p.m.68 views

CVE-2021-31329

CVE-2021-31329 describes a Cross Site Scripting (XSS) vulnerability in Remote Clinic v2.0, exploitable via the Chat and Personal Address fields on staff/register.php. The connected documents corroborate the issue (CNVD/CNNVD, Red Hat/PRION/CVE lists, and Exploit DB entry referencing Stored XSS in...

5.4CVSS5.4AI score0.01663EPSS
Web
CVE
CVE
added 2023/11/07 12:0 a.m.61 views

CVE-2023-33479

CVE-2023-33479 affects RemoteClinic version 2.0 and is a SQL injection vulnerability in the /staff/edit.php file. The vulnerability’s impact is described as high/critical across sources, with CVSS v3.1 scores of 9.8 (CRITICAL), indicating potential confidentiality, integrity, and availability imp...

9.8CVSS9.6AI score0.00738EPSS
CVE
CVE
added 2021/04/21 3:49 p.m.52 views

CVE-2021-31327

Remote Clinic v2.0 contains a stored XSS vulnerability in the /medicines endpoint, exploitable via the Medicine Name field. Public documents from multiple sources (NVD, Red Hat, CNVD, CNNVD, etc.) consistently identify Stored XSS as the impact; exact root cause details (input handling, sanitizati...

5.4CVSS5.2AI score0.01663EPSS
CVE
CVE
added 2023/11/07 12:0 a.m.47 views

CVE-2023-33478

RemoteClinic 2.0 is affected by a SQL injection in the ID parameter of /medicines/stocks.php. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE entries) with CVSS v3.1 base score 9.8 (CRITICAL) and an attack vector of NETWORK, requiring no privileges or user interaction. Th...

9.8CVSS9.7AI score0.00738EPSS
Web
CVE
CVE
added 2021/11/05 4:0 p.m.46 views

CVE-2021-39416

CVE-2021-39416 affects Remote Clinic v2.0, with multiple XSS vulnerabilities across several PHP endpoints (patients/register-patient.php, patients/edit-patient.php, staff/edit-my-profile.php, clinics/settings.php) and numerous parameters (e.g., Contact, Email, Address, opening_time, currency, etc...

6.1CVSS6.2AI score0.01093EPSS
Web
CVE
CVE
added 2023/11/07 12:0 a.m.41 views

CVE-2023-33480

CVE-2023-33480 affects RemoteClinic 2.0. The issue stems from lack of input validation and access control in staff/register.php and edit-my-profile.php, enabling remote attackers with low-privileged credentials to create admin users, escalate privileges, upload PHP code, and execute commands via ...

8.8CVSS9.1AI score0.0193EPSS
Web
CVE
CVE
added 2023/01/20 12:0 a.m.38 views

CVE-2022-48152

CVE-2022-48152 concerns an SQL injection in RemoteClinic 2.0. The vulnerability arises in the /medicines/profile.php endpoint via the id parameter, allowing attackers to execute arbitrary commands and disclose sensitive information. The referenced sources consistently describe a critical impact (...

9.8CVSS9.9AI score0.00792EPSS
Web
CVE
CVE
added 2023/11/07 12:0 a.m.35 views

CVE-2023-33481

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection in the 'start' parameter of patients/index.php. The issue stems from improper handling of user input in that endpoint, enabling an attacker to infer data via time-based responses. Impact is described as high/confidentiality, integ...

9.8CVSS9.7AI score0.00738EPSS
Web
CVE
CVE
added 2025/09/01 10:2 a.m.22 views

CVE-2025-9773

RemoteClinic up to version 2.0 contains a cross-site scripting flaw in /staff/edit.php caused by manipulation of the Last Name parameter. The vulnerability can be exploited remotely after a published exploit; impact is limited to confidentiality and integrity, with no availability impact indicate...

6.1CVSS4AI score0.00364EPSS
Web
CVE
CVE
added 2025/09/01 11:2 a.m.20 views

CVE-2025-9775

CVE-2025-9775 affects RemoteClinic up to version 2.0. The vulnerability is in the file /staff/edit-my-profile.php where the image parameter can be manipulated to achieve unrestricted file upload. Attacks may be launched remotely, and the exploit has been publicly disclosed. Several connected sour...

9.8CVSS7.2AI score0.0049EPSS
Web
CVE
CVE
added 2025/09/01 10:32 a.m.16 views

CVE-2025-9774

CVE-2025-9774 affects RemoteClinic up to version 2.0. The vulnerability stems from how the application processes the file /patients/edit-patient.php, where manipulation of the Email argument can lead to information disclosure. The issue can be triggered remotely and the exploit has been disclosed...

5.3CVSS4.8AI score0.00358EPSS
Web
CVE
CVE
added 2025/09/01 9:32 a.m.15 views

CVE-2025-9772

RemoteClinic

9.8CVSS7.3AI score0.0049EPSS
Web