What the vulnerability does
01Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG mapsvg allows SQL Injection.This issue affects MapSVG: from n/a through < 8.7.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG mapsvg allows SQL Injection.This issue affects MapSVG: from n/a through < 8.7.4.
Explanation of Vulnerability in Simple Terms
MapSVG versions 8.7.4 and earlier contain a SQL injection vulnerability accessible over the network without authentication. An attacker can craft malicious input to extract sensitive data from the site's database or disrupt service. The vulnerability affects the scope beyond the vulnerable component itself.
What an attacker can do
Extract sensitive data from the database or cause service disruption without logging in.
Potential impact on your site
Database contents may be exposed or unavailable; site functionality could be disrupted.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources