Remote Clinic

remote_clinic

Vendor: Remoteclinic • 17 CVEs

CVEs (17)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-9775 1Remoteclinic 1Remote Clinic Apr 29, 2026 Sep 1, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launch...Show more A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.Show less
CVE-2025-9774 1Remoteclinic 1Remote Clinic Sep 4, 2025 Sep 1, 2025 2.1 LOW· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The att...Show more A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-9773 1Remoteclinic 1Remote Clinic Apr 29, 2026 Sep 1, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be l...Show more A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.Show less
CVE-2025-9772 1Remoteclinic 1Remote Clinic Apr 29, 2026 Sep 1, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated...Show more A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2023-33481 1Remoteclinic 1Remote Clinic Nov 21, 2024 Nov 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php.
CVE-2023-33480 1Remoteclinic 1Remote Clinic Nov 21, 2024 Nov 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the targe...Show more RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell.Show less
CVE-2023-33479 1Remoteclinic 1Remote Clinic Nov 21, 2024 Nov 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.
CVE-2023-33478 1Remoteclinic 1Remote Clinic Nov 21, 2024 Nov 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.
CVE-2022-48152 1Remoteclinic 1Remote Clinic Apr 3, 2025 Jan 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php.
CVE-2021-39416 1Remoteclinic 1Remote Clinic Nov 21, 2024 Nov 5, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender,...Show more Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters.Show less
CVE-2021-31329 1Remoteclinic 1Remote Clinic Nov 21, 2024 Apr 21, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php
CVE-2021-31327 1Remoteclinic 1Remote Clinic Nov 21, 2024 Apr 21, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.
CVE-2021-30044 1Remoteclinic 1Remote Clinic Nov 21, 2024 Apr 13, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
CVE-2021-30042 1Remoteclinic 1Remote Clinic Nov 21, 2024 Apr 13, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php
CVE-2021-30039 1Remoteclinic 1Remote Clinic Nov 21, 2024 Apr 13, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php.
CVE-2021-30034 1Remoteclinic 1Remote Clinic Nov 21, 2024 Apr 13, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.
CVE-2021-30030 1Remoteclinic 1Remote Clinic Nov 21, 2024 Apr 13, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.