## https://sploitus.com/exploit?id=B4ECBF20-9C4C-5455-B2C3-04065EB40054
# CVE-2024-11728
KiviCare โ Clinic & Patient Management System (EHR) WordPress Plugin Unauthenticated SQL Injection PoC
This repository contains a Proof of Concept (PoC) script for exploiting an SQL Injection vulnerability in the KiviCare โ Clinic & Patient Management System (EHR) WordPress Plugin, versions up to and including 3.6.4. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries via the visit_type[service_id] parameter in the tax_calculated_data AJAX action.
For more details, please refer to the [blog post](https://samogod.com/2024/12/11/cve-2024-11728-kivicare-wordpress-unauthenticated-sql-injection/).
# CVE-2024-11728 - KiviCare WordPress Plugin Unauthenticated SQL Injection PoC
## Description
The KiviCare plugin is vulnerable due to insufficient escaping of user-supplied input in the `visit_type[service_id]` parameter. This allows attackers to append additional SQL queries, potentially leading to data extraction or other malicious activities.
## Usage
### Prerequisites
- Python 3.x
- Required Python packages: `requests`, `argparse`, `urllib3`
### Installation
1. Clone the repository:
```bash
git clone https://github.com/yourusername/CVE-2024-11728.git
cd CVE-2024-11728
```
2. Install the required packages:
```bash
pip install -r requirements.txt
```
### Running the Script
To execute the script, use the following command:
```bash
python3 CVE-2024-11728.py -u <target_url> [-t <timeout>] [-v]
- -u, --url: Target URL (e.g., http://example.com)
- -t, --timeout: Request timeout in seconds (default: 10)
- -v, --verbose: Enable verbose output for debugging
```
### Example
```bash
python3 CVE-2024-11728.py -u https://wordpress.samogod.com -v
```
## Important Notes
- **Nonce Handling**: The script currently requires a valid `_ajax_nonce` value. This value is session-specific and must be obtained manually or through an automated process.
- **Legal Disclaimer**: This script is intended for educational purposes and authorized security testing only. Unauthorized use of this script against systems you do not own or have explicit permission to test is illegal.
## Contributing
Contributions are welcome! Please fork the repository and submit a pull request with your changes.