CVE-2022-0786
N/A
N/A
Summary
The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | KiviCare – Clinic & Patient Management System (EHR) | 2.3.9 < 2.3.9 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.