What the vulnerability does
01Description
Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.
Explanation of Vulnerability in Simple Terms
GeoDirectory versions up to 2.8.152 contain a SQL injection vulnerability in database query handling. An attacker can craft malicious input to extract sensitive data from the site's database without authentication. The vulnerability affects confidentiality severely and can degrade site availability. Update to version 2.8.153 or later.
What an attacker can do
Extract sensitive data from the site database, such as user credentials and private information.
Potential impact on your site
Attackers can read your database contents, including user accounts and private data, without logging in.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities