17 matches found
CVE-2021-30039
CVE-2021-30039 affects Remote Clinic v2.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the web form fields at patients/register-report.php, specifically the Fever and Blood Pressure fields. Root cause: inadequate input validation/sanitization allowing script injection that can execu...
CVE-2021-30042
CVE-2021-30042 describes a stored XSS vulnerability in Remote Clinic v2.0 exploitable via the Clinic Name/Address/City/Contact fields on clinics/register.php. Multiple sources (NVD, Red Hat, CNVD, CVE List) confirm the issue and its impact to inject scripts. Public details do not provide a patche...
CVE-2021-30030
CVE-2021-30030 affects Remote Clinic v2.0. The vulnerability is a Cross-Site Scripting (XSS) in the Full Name field of register-patient.php, demonstrated as stored XSS (examples use payloads like XSS">
CVE-2021-30044
CVE-2021-30044 is a Cross-Site Scripting (XSS) vulnerability in Remote Clinic v2.0 exploitable via the First Name or Last Name field on staff/register.php. The connected sources confirm the affected product and entry details, including public exploit references and multiple security databases des...
CVE-2021-30034
Affected software: Remote Clinic UI v2.0 (Remote Clinic v2.0)\nVulnerability: Stored cross-site scripting (XSS) in the Symptoms field on patients/register-report.php, enabling injected script execution via user-provided input.\nRoot cause / vector: Malicious input stored in the Symptoms field is ...
CVE-2021-31329
CVE-2021-31329 describes a Cross Site Scripting (XSS) vulnerability in Remote Clinic v2.0, exploitable via the Chat and Personal Address fields on staff/register.php. The connected documents corroborate the issue (CNVD/CNNVD, Red Hat/PRION/CVE lists, and Exploit DB entry referencing Stored XSS in...
CVE-2023-33479
CVE-2023-33479 affects RemoteClinic version 2.0 and is a SQL injection vulnerability in the /staff/edit.php file. The vulnerability’s impact is described as high/critical across sources, with CVSS v3.1 scores of 9.8 (CRITICAL), indicating potential confidentiality, integrity, and availability imp...
CVE-2021-31327
Remote Clinic v2.0 contains a stored XSS vulnerability in the /medicines endpoint, exploitable via the Medicine Name field. Public documents from multiple sources (NVD, Red Hat, CNVD, CNNVD, etc.) consistently identify Stored XSS as the impact; exact root cause details (input handling, sanitizati...
CVE-2023-33478
RemoteClinic 2.0 is affected by a SQL injection in the ID parameter of /medicines/stocks.php. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE entries) with CVSS v3.1 base score 9.8 (CRITICAL) and an attack vector of NETWORK, requiring no privileges or user interaction. Th...
CVE-2021-39416
CVE-2021-39416 affects Remote Clinic v2.0, with multiple XSS vulnerabilities across several PHP endpoints (patients/register-patient.php, patients/edit-patient.php, staff/edit-my-profile.php, clinics/settings.php) and numerous parameters (e.g., Contact, Email, Address, opening_time, currency, etc...
CVE-2023-33480
CVE-2023-33480 affects RemoteClinic 2.0. The issue stems from lack of input validation and access control in staff/register.php and edit-my-profile.php, enabling remote attackers with low-privileged credentials to create admin users, escalate privileges, upload PHP code, and execute commands via ...
CVE-2022-48152
CVE-2022-48152 concerns an SQL injection in RemoteClinic 2.0. The vulnerability arises in the /medicines/profile.php endpoint via the id parameter, allowing attackers to execute arbitrary commands and disclose sensitive information. The referenced sources consistently describe a critical impact (...
CVE-2023-33481
RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection in the 'start' parameter of patients/index.php. The issue stems from improper handling of user input in that endpoint, enabling an attacker to infer data via time-based responses. Impact is described as high/confidentiality, integ...
CVE-2025-9773
RemoteClinic up to version 2.0 contains a cross-site scripting flaw in /staff/edit.php caused by manipulation of the Last Name parameter. The vulnerability can be exploited remotely after a published exploit; impact is limited to confidentiality and integrity, with no availability impact indicate...
CVE-2025-9775
CVE-2025-9775 affects RemoteClinic up to version 2.0. The vulnerability is in the file /staff/edit-my-profile.php where the image parameter can be manipulated to achieve unrestricted file upload. Attacks may be launched remotely, and the exploit has been publicly disclosed. Several connected sour...
CVE-2025-9774
CVE-2025-9774 affects RemoteClinic up to version 2.0. The vulnerability stems from how the application processes the file /patients/edit-patient.php, where manipulation of the Email argument can lead to information disclosure. The issue can be triggered remotely and the exploit has been disclosed...
CVE-2025-9772
RemoteClinic