PT-2025-35472 · Unknown · Remote Clinic

Ustc-L1Nk · Published 2025-09-01 · Updated 2025-09-01 · CVE-2025-9772

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RemoteClinic versions prior to 2.1

Description

A vulnerability allows for unrestricted file upload via manipulation of the image argument in the /staff/edit.php file. The attack can be initiated remotely. The exploit is publicly available. This issue affects products that are no longer supported by the maintainer.

Recommendations

RemoteClinic versions prior to 2.1: Due to the lack of support for older versions, upgrading is not possible. Consider alternative solutions or isolating the affected system.

Weakness Enumeration

Improper Access Control

Unrestricted File Upload

Related Identifiers

CVE-2025-9772

Affected Products

Remote Clinic