CVE-2022-0592
CRITICAL EXPLOITED NUCLEIMapSVG < 6.2.20 - Unauthenticated SQL Injection via REST Endpoint
Title source: llmExploitation Summary
CVE-2022-0592 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including tomorroisnew. A Nuclei detection template is also available.
Description
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
Exploits (1)
github
NO CODE
2 stars
by tomorroisnew · poc
https://github.com/tomorroisnew/CVE/tree/main/CVE-2022-0592
Nuclei Templates (1)
MapSVG < 6.2.20 - Unauthenticated SQLi
CRITICALVERIFIEDby DhiyaneshDK
FOFA:
body="/wp-content/plugins/mapsvg/"
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/5d8d53ad-dc88-4b50-a292-fc447484c27b
Scores
CVSS v3
9.8
EPSS
0.0877
EPSS Percentile
94.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2024-01-22
CWE
CWE-89
Status
published
Products (1)
mapsvg/mapsvg
< 6.2.20
Published
May 09, 2022
Tracked Since
Feb 18, 2026