cbcvebase.

Remoteclinic Remote Clinic vulnerabilities

17 known vulnerabilities affecting remoteclinic/remote_clinic.

Total CVEs
17
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH1MEDIUM10

Vulnerabilities

Page 1 of 1
CVE-2023-33480P2HIGHCVSS 8.8v2.02023-11-07
CVE-2023-33480 [HIGH] CWE-434 CVE-2023-33480: RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php en
nvd
CVE-2025-9772P2CRITICALCVSS 9.8≤ 2.02025-09-01
CVE-2025-9772 [CRITICAL] CWE-284 CVE-2025-9772: A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /st A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the m
nvd
CVE-2025-9775P3CRITICALCVSS 9.8≤ 2.02025-09-01
CVE-2025-9775 [CRITICAL] CWE-284 CVE-2025-9775: A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /st A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.
nvd
CVE-2021-31327P4MEDIUMCVSS 5.4PoCv2.02021-04-21
CVE-2021-31327 [MEDIUM] CWE-79 CVE-2021-31327: Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field. Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.
nvd
CVE-2021-30042P4MEDIUMCVSS 5.4PoCv2.02021-04-13
CVE-2021-30042 [MEDIUM] CWE-79 CVE-2021-30042: Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic Ci Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php
nvd
CVE-2021-30044P4MEDIUMCVSS 5.4PoCv2.02021-04-13
CVE-2021-30044 [MEDIUM] CWE-79 CVE-2021-30044: Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/regi Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
nvd
CVE-2021-30030P4MEDIUMCVSS 5.4PoCv2.02021-04-13
CVE-2021-30030 [MEDIUM] CWE-79 CVE-2021-30030: Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.
nvd
CVE-2021-30039P4MEDIUMCVSS 5.4PoCv2.02021-04-13
CVE-2021-30039 [MEDIUM] CWE-79 CVE-2021-30039: Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the pa Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php.
nvd
CVE-2021-30034P4MEDIUMCVSS 5.4PoCv2.02021-04-13
CVE-2021-30034 [MEDIUM] CWE-79 CVE-2021-30034: Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report. Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.
nvd
CVE-2021-31329P4MEDIUMCVSS 5.4PoCv2.02021-04-21
CVE-2021-31329 [MEDIUM] CWE-79 CVE-2021-31329: Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staf Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php
nvd
CVE-2023-33481P3CRITICALCVSS 9.8v2.02023-11-07
CVE-2023-33481 [CRITICAL] CWE-89 CVE-2023-33481: RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET paramet RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php.
nvd
CVE-2022-48152P3CRITICALCVSS 9.8v2.02023-01-20
CVE-2022-48152 [CRITICAL] CWE-89 CVE-2022-48152: SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and g SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php.
nvd
CVE-2023-33478P3CRITICALCVSS 9.8v2.02023-11-07
CVE-2023-33478 [CRITICAL] CWE-89 CVE-2023-33478: RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.
nvd
CVE-2023-33479P3CRITICALCVSS 9.8v2.02023-11-07
CVE-2023-33479 [CRITICAL] CWE-89 CVE-2023-33479: RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.
nvd
CVE-2025-9773P4MEDIUMCVSS 6.1≤ 2.02025-09-01
CVE-2025-9773 [MEDIUM] CWE-79 CVE-2025-9773: A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.
nvd
CVE-2021-39416P4MEDIUMCVSS 6.1v2.02021-11-05
CVE-2021-39416 [MEDIUM] CWE-79 CVE-2021-39416: Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/reg Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref
nvd
CVE-2025-9774P4MEDIUMCVSS 4.3≤ 2.02025-09-01
CVE-2025-9774 [MEDIUM] CWE-200 CVE-2025-9774: A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
Remoteclinic Remote Clinic vulnerabilities | cvebase