CVE-2022-0592
Published 2022-05-09
Priority P182 · critical · 9.8 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW exploit · VulnCheck KEV
Exploited in the wild
EPSS: 9.65% (94.9th percentile)
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mapsvg | mapsvg | < 6.2.20 | 6.2.20 |
Detection & IOCs (extracted from sources)
- The vulnerability is a SQL Injection exploitable by unauthenticated users via a REST endpoint parameter in the MapSVG WordPress plugin before 6.2.20. Monitor REST API requests to MapSVG endpoints for unsanitized SQL metacharacters (e.g., single quotes, UNION, SELECT keywords) in parameters.
- The MapSVG plugin version threshold for this vulnerability is strictly before 6.2.20; version 6.2.20 and later are patched.
- The SQL injection is unauthenticated, meaning no credentials are required to exploit the REST endpoint; detection rules should not filter out unauthenticated requests.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |
GHSA
GHSA-wf27-rjfj-r23v · ghsa_unreviewed · 2022-05-10 · CVE-2022-0592 [CRITICAL] · CWE-89
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
VulnCheck
mapsvg mapsvg: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') · vulncheck · 2022 · CVE-2022-0592 [CRITICAL] · CVSS 9.8
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
Affected: mapsvg mapsvg
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2022-0592
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-23&host_type=src&vulnerability=cve-2022-0592
- https://dashboard.shadow
No detection rules found.
Nuclei
MapSVG < 6.2.20 - Unauthenticated SQLi · nuclei · CVE-2022-0592 [CRITICAL] · CVSS 9.8
MapSVG = 6'
- 'contains(body, "map")'
- 'contains(content_type, "application/json")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100dffd28796dd32f31891c07fca079c21152474fad248918689846fe471a7b6fed022100b3e97b8d37e3f5b2d445020e44906ac1a50c4f40b49ffd7b0d4c89a48b5e8b59:922c64590222798bb761d5b6d8e72950