CVE-2025-66095

CVSS v3.1

8.5

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions Iqonic Design KiviCare versions through 3.6.13

Description A flaw exists in the KiviCare clinic management system that allows for SQL Injection. This occurs due to improper neutralization of special elements used in an SQL command. The affected component is susceptible to manipulation through crafted SQL queries. The API endpoint is not specified. The vulnerable parameter is not specified. The vulnerable function is not specified.

Recommendations Update KiviCare to a version newer than 3.6.13.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-66095

Affected Products

Kivicare

CVE-2025-66095

Weakness Enumeration

Related Identifiers

Affected Products

References · 5