PT-2023-15963 · 10Web · 10Web Map Builder For Google Maps

Daniel Krohmer

Publicado

2023-03-13

Atualizado

2026-06-07

CVE-2023-0037

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 10Web Map Builder for Google Maps WordPress plugin versions prior to 1.0.73

Description The issue arises from the plugin's failure to properly sanitise and escape certain parameters before using them in an SQL statement via an AJAX action. This AJAX action is available to unauthenticated users, leading to a SQL injection.

Recommendations For versions prior to 1.0.73, update to version 1.0.73 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action until a patch is applied.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-0037

Produtos afetados

10Web Map Builder For Google Maps

PT-2023-15963 · 10Web · 10Web Map Builder For Google Maps

CVE-2023-0037

Identificadores relacionados

Produtos afetados

Referências · 8