CVE-2024-11728 Scanner
CVE-2024-11728 Scanner - SQL Injection vulnerability in KiviCare Clinic & Patient Management System
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 15 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
The KiviCare Clinic & Patient Management System is a WordPress plugin for managing clinic operations, patient data, and medical appointments, offering functionalities such as patient registration, visit scheduling, and medical history tracking. It is widely adopted by healthcare providers to streamline operations and enhance patient care. However, the plugin has a vulnerability in its handling of user input, specifically in the tax_calculated_data AJAX action. The vulnerability affects all versions up to and including 3.6.4, so any WordPress site using the plugin for clinic and patient management is at risk.
This vulnerability exists in the KiviCare Clinic & Patient Management System plugin for WordPress because user-supplied input in the 'visit_type[service_id]' parameter is not properly escaped before it is used in a SQL query. This allows SQL Injection: an attacker can append arbitrary SQL to the existing query, which can lead to unauthorized access to the database and exposure of sensitive information. The issue is present in all versions up to and including 3.6.4 and can be exploited remotely by unauthenticated attackers, making it a significant security risk.
The vulnerable code path is the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action, reached through a POST request to /wp-admin/admin-ajax.php. The parameter is neither sanitized nor validated, and the SQL query is not prepared with the value bound as a parameter, so a crafted value is concatenated into the query and interpreted as additional SQL. Because no authentication is required to reach the endpoint, the likelihood of successful exploitation is high.
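As an added example (not code from this page, the scanner, or the plugin): a small Python triage routine over constructed WAF-style request records that flags POST requests to the AJAX endpoint carrying a non-numeric 'visit_type[service_id]' value for the tax_calculated_data action. It assumes the action name appears as a form-field value in the POST body (as WordPress admin-ajax dispatching does with action=), and the hypothetical non-target action name and all sample records are constructed.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/wp-admin/admin-ajax.php"
TARGET_ACTION = "tax_calculated_data"
# parse_qs percent-decodes keys, so an encoded visit_type%5Bservice_id%5D
# is matched under this literal name as well.
SUSPECT_KEY = "visit_type[service_id]"
# A service id is expected to be a plain positive integer; anything else
# (quotes, spaces, SQL keywords, comment markers) is worth a look.
NUMERIC_ID = re.compile(r"^\d{1,10}$")

# Constructed sample records (not real traffic), shaped like the request
# log of a reverse proxy or WAF that retains decoded POST bodies.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": TARGET_PATH,
     "body": "action=tax_calculated_data&visit_type[service_id]=12"},
    {"method": "POST", "path": TARGET_PATH,
     "body": "action=tax_calculated_data&visit_type%5Bservice_id%5D=12+OR+1%3D1"},
    {"method": "POST", "path": TARGET_PATH,      # hypothetical other action
     "body": "action=some_other_action&visit_type[service_id]=12"},
    {"method": "GET", "path": TARGET_PATH + "?action=tax_calculated_data",
     "body": ""},
]


def classify_request(req: dict) -> str:
    """Return 'ignore', 'ok' or 'suspicious' for one request record."""
    if req.get("method") != "POST":
        return "ignore"
    if req.get("path", "").split("?", 1)[0] != TARGET_PATH:
        return "ignore"
    fields = parse_qs(req.get("body", ""), keep_blank_values=True)
    # Assumption: the action name is carried as a form-field value.
    if not any(TARGET_ACTION in v for vals in fields.values() for v in vals):
        return "ignore"
    values = fields.get(SUSPECT_KEY)
    if not values:
        return "ok"
    # parse_qs returns a list per key; a repeated key with one bad value still trips.
    return "ok" if all(NUMERIC_ID.match(v) for v in values) else "suspicious"


def scan(requests: list) -> list:
    """Return only the records that look like injection attempts."""
    return [r for r in requests if classify_request(r) == "suspicious"]
```

Feed it the request records your proxy or WAF retains for admin-ajax.php; hits should be correlated with the plugin version to decide whether the site was still on 3.6.4 or earlier when the request arrived.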
If exploited, this vulnerability can lead to significant data breaches. Attackers could extract sensitive information from the database, including patient records, doctor details, and appointment history. Such exposure could result in identity theft, unauthorized access to patient data, and legal consequences for healthcare providers. Attackers could also manipulate or delete data within the system, and a successful injection may serve as a foothold for further attacks on the WordPress site, potentially compromising it entirely.
REFERENCES
- https://github.com/samogod/CVE-2024-11728
- https://samogod.com/2024/12/11/cve-2024-11728-kivicare-wordpress-unauthenticated-sql-injection/
- https://plugins.trac.wordpress.org/changeset/3201428/kivicare-clinic-management-system/trunk/app/controllers/KCTaxController.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/53c18834-3026-4d4d-888b-add314a0e56e?source=cve
- https://nvd.nist.gov/vuln/detail/CVE-2024-11728