China National Vulnerability Database: CNVD-2022-55694
Jun 15, 2022 - 12:00 a.m.

WordPress plugin KiviCare SQL injection vulnerability

2022-06-15 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
wordpress
kivicare
sql injection
vulnerability
php
ajax
unauthenticated user
security document

EPSS: 0.04

Percentile: 92.1%

WordPress is a blogging platform developed in PHP. A SQL injection vulnerability exists in versions of the WordPress plugin KiviCare prior to 2.3.9. It stems from the plugin not sanitizing and escaping certain parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An unauthenticated attacker could exploit this vulnerability to perform SQL injection.
