3 matches found
MapSVG < 6.2.20 - Unauthenticated SQLi
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. id: CVE-2022-0592 info: name: MapSVG 6.2.20 - Unauthenticated SQLi author: DhiyaneshDK...
CVE-2022-0592
creationtimestamp| type| source ---|---|--- 2022-05-09 20:36:37+00:00| seen| https://t.me/cibsecurity/42188 2023-07-04 22:29:01+00:00| published-proof-of-concept| https://t.me/MrVGunz/751 2025-04-29 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-04-29 2025-05-20...
CVE-2022-0592
CVE-2022-0592 affects the MapSVG WordPress plugin, specifically versions prior to 6.2.20. The vulnerability arises from the REST endpoint failing to validate and escape a parameter before it is used in a SQL statement, resulting in unauthenticated SQL Injection. Affected component: MapSVG WordPre...