Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4.
References (2)
Core 2
Core References
Vdb Entry vdb-entry
https://patchstack.com/database/Wordpress/Plugin/neshan-maps/vulnerability/wordpress-neshan-maps-plugin-1-1-4-sql-injection?_s_id=cve
Third Party Advisory vdb-entry
https://patchstack.com/database/vulnerability/neshan-maps/wordpress-neshan-maps-plugin-1-1-4-sql-injection?_s_id=cve
Scores
CVSS v3
6.0
EPSS
0.0055
EPSS Percentile
42.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (3)
neshan/neshan_maps
< 1.1.4
Neshan Maps Platform/Neshan Maps
< 1.1.4
neshanmaps/Neshan Maps
< 1.1.4
Published
Nov 03, 2023
Tracked Since
Feb 18, 2026