What is CVE-2022-0592?

CVE-2022-0592 is a vulnerability in Mapsvg, classified under SQL Injection. Published 2022-05-09.

Is CVE-2022-0592 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Mapsvg

CVE-2022-0592

The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.

Vulnerability class: SQL Injection

EPSS: 0.699 (98.7th percentile) — read the EPSS interpretation.

Affected products

Unknown Mapsvg — versions 6.2.20

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates
20142995/sectool
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
l0928h/kate

References

wpscan.com/vulnerability/5d8d53ad-dc88-4b50-a292-fc447484c27b (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0592?: CVE-2022-0592 is a vulnerability in Mapsvg, classified under SQL Injection. Published 2022-05-09.
Is CVE-2022-0592 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.