CVE-2026-25022SQL Injection in Design Kivicare

CWE-89SQL Injection4 documents4 sources
Severity
8.5HIGHNVD
EPSS
0.0%
top 86.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Iqonic Design Kivicare
Timeline
PublishedFeb 3

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.16.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:LExploitability: 3.1 | Impact: 4.7

Affected Packages1 packages

CVEListV5iqonic_design/kivicare3.6.16

🔴Vulnerability Details

2
CVEList
WordPress KiviCare plugin <= 3.6.16 - SQL Injection vulnerability2026-02-03
GHSA
GHSA-467f-hq3q-7jjq: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-managemen2026-02-03

🕵️Threat Intelligence

1
Wiz
CVE-2026-25022 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-25022 — SQL Injection in Design Kivicare | cvebase