Iqonic Design KiviCare CVE-2026-25022
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.16.
AnalysisAI
Blind SQL injection in KiviCare clinic management system versions 3.6.16 and earlier allows authenticated attackers to execute arbitrary SQL queries over the network with no user interaction required. An attacker with valid credentials can exploit this vulnerability to extract sensitive data from the underlying database, though code execution is not possible. No patch is currently available for this HIGH severity vulnerability affecting the Iqonic Design product.
Technical ContextAI
Classified as CWE-89 (SQL Injection). Affects Iqonic Design KiviCare kivicare-clinic-management-system. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.16.
Affected ProductsAI
Product: Iqonic Design KiviCare kivicare-clinic-management-system.
RemediationAI
Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today