CVE-2024-11730
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Dec 6, 2024
CWE ID 89
Summary
CVE-2024-11730 is a newly disclosed SQL injection vulnerability in the KiviCare EHR plugin for WordPress. It affects versions up to 3.6.4 and can be exploited by authenticated attackers with doctor/receptionist-level access or higher. The vulnerability stems from insufficient escaping of the user-supplied 'sort[]' parameter of the static_data_list AJAX action and a lack of preparation of the existing SQL query. By appending malicious SQL code to that query, attackers can extract sensitive information from the database.
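The following is an added example, not the plugin's code or its patch. It shows one way to handle a sort parameter safely, assuming sort[] ends up in an ORDER BY clause (the page does not say): column names and sort direction are SQL syntax rather than values, so they are mapped through an allow-list instead of being escaped. The column names, the request shape and the function name are hypothetical.

```php
<?php
// Added example: allow-list handling of a sort[] request parameter.
// Column names and the sort[] entry shape are hypothetical.

// Request key => real column name. Only these can ever reach the SQL string.
const SORTABLE_COLUMNS = [
    'id'     => 'id',
    'label'  => 'label',
    'type'   => 'type',
    'status' => 'status',
];

function build_order_by(array $sort): string
{
    $terms = [];
    foreach ($sort as $entry) {
        if (!is_array($entry)) {
            continue; // malformed entry
        }
        $field = $entry['field'] ?? null;
        $dir   = $entry['type'] ?? 'asc';
        if (!is_string($field) || !is_string($dir)) {
            continue; // nested arrays or other non-string input
        }
        if (!array_key_exists($field, SORTABLE_COLUMNS)) {
            continue; // not a known column: never copied into the query
        }
        // Direction is reduced to one of two literals chosen by this code.
        $direction = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
        $terms[] = '`' . SORTABLE_COLUMNS[$field] . '` ' . $direction;
    }
    return $terms ? ' ORDER BY ' . implode(', ', $terms) : '';
}

// Constructed sample input, not captured traffic.
$sample = [
    ['field' => 'label', 'type' => 'desc'],
    ['field' => 'id, (SELECT 1)', 'type' => 'asc'], // unknown column: dropped
    ['field' => 'status', 'type' => 'asc, 1'],      // direction forced to ASC
    'not-an-array',                                 // malformed: dropped
];

echo build_order_by($sample), PHP_EOL;
```

Because the clause is assembled only from constants defined in the code, no request text is concatenated into the query; filter values elsewhere in the same query would still go through prepared-statement placeholders.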