What is CVE-2022-0786?

CVE-2022-0786 is a vulnerability in Kivicare – Clinic & Patient Management System (Ehr), classified under SQL Injection. Published 2022-06-13.

Is CVE-2022-0786 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Kivicare – Clinic & Patient Management System (Ehr)

CVE-2022-0786

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthent…

Vulnerability class: SQL Injection

EPSS: 0.692 (98.7th percentile) — read the EPSS interpretation.

Affected products

Unknown Kivicare – Clinic & Patient Management System (Ehr) — versions 2.3.9

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

wpscan.com/vulnerability/53f493e9-273b-4349-8a59-f2207e8f8f30 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0786?: CVE-2022-0786 is a vulnerability in Kivicare – Clinic & Patient Management System (Ehr), classified under SQL Injection. Published 2022-06-13.
Is CVE-2022-0786 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.