CVE-2023-0037
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | 10Web Map Builder for Google Maps | 0 < 1.0.73 | affected |
Weaknesses
- CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/33ab1fe2-6611-4f43-91ba-52c56f02ed56
- https://bulletin.iese.de/post/wd-google-maps_1-0-72_1
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://wpscan.com/vulnerability/33ab1fe2-6611-4f43-91ba-52c56f02ed56
- https://bulletin.iese.de/post/wd-google-maps_1-0-72_1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.