Kivicare Clinic Patient Management System Ehr
Monthly
SQL injection in KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress (all versions through 4.5.0) allows authenticated attackers with doctor-level or equivalent access to exfiltrate arbitrary database contents via a manipulated 'orderby' parameter. The flaw exists in DoctorSessionController.php and the KCQueryBuilder base class, where ORDER BY clause inputs are neither escaped nor parameterized, enabling appended SQL to traverse the entire WordPress database - including patient records, credentials, and clinical data. No public exploit code or active exploitation has been identified at time of analysis, though Wordfence has disclosed the vulnerability with source code references.
SQL injection in the KiviCare - Clinic & Patient Management System (EHR) WordPress plugin through version 4.5.0 enables authenticated clinic users to extract arbitrary data from the underlying database via a manipulated 'orderby' REST API parameter. The flaw resides in DoctorSessionController.php (lines 648 and 660) where user-supplied sort values are concatenated into queries without escaping or prepared-statement protections, cascading through KCQueryBuilder.php. No public exploit code or CISA KEV listing is identified at time of analysis; EPSS data was not provided, but the authenticated-only prerequisite and niche deployment footprint materially limit real-world impact.
SQL injection in KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress (all versions through 4.5.0) allows authenticated attackers with doctor-level or equivalent access to exfiltrate arbitrary database contents via a manipulated 'orderby' parameter. The flaw exists in DoctorSessionController.php and the KCQueryBuilder base class, where ORDER BY clause inputs are neither escaped nor parameterized, enabling appended SQL to traverse the entire WordPress database - including patient records, credentials, and clinical data. No public exploit code or active exploitation has been identified at time of analysis, though Wordfence has disclosed the vulnerability with source code references.
SQL injection in the KiviCare - Clinic & Patient Management System (EHR) WordPress plugin through version 4.5.0 enables authenticated clinic users to extract arbitrary data from the underlying database via a manipulated 'orderby' REST API parameter. The flaw resides in DoctorSessionController.php (lines 648 and 660) where user-supplied sort values are concatenated into queries without escaping or prepared-statement protections, cascading through KCQueryBuilder.php. No public exploit code or CISA KEV listing is identified at time of analysis; EPSS data was not provided, but the authenticated-only prerequisite and niche deployment footprint materially limit real-world impact.