PT-2023-11358 · Unknown · Happyman Twmap

Published: 2023-01-08 · Updated: 2024-05-17 · CVE-2019-25100

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: happyman twmap versions prior to v2.9 v4.31

Description: A critical issue was found in happyman twmap, affecting an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. Manipulation of the id argument leads to SQL injection.

Recommendations: For versions prior to v2.9 v4.31, upgrade to version v2.9 v4.31 to address this issue. As a temporary workaround, consider restricting access to the pointdata2.php file or avoiding the use of the id argument in the affected API endpoint until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2019-25100

Affected Products: Happyman Twmap