CVE-2022-0786

Summary

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users

Affected Software

VendorProductVersion RangeStatus
UnknownKiviCare – Clinic & Patient Management System (EHR)2.3.9 < 2.3.9affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References