CVE-2022-1123 - OpenCVE

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mapsmarker	Leaflet Maps Marker

Configuration 1 [-]

cpe:2.3:a:mapsmarker:leaflet_maps_marker:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/03e0d4d5-0184-4a15-b8ac-fdc2010e4812	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-08-29T14:40:24

Updated: 2022-08-29T14:40:24

Reserved: 2022-03-28T00:00:00

Link: CVE-2022-1123

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-29T18:15:08.803

Modified: 2022-09-01T06:37:19.487

Link: CVE-2022-1123

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)", "vendor": "Unknown", "versions": [{"lessThan": "3.12.5", "status": "affected", "version": "3.12.5", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ihor Bliumental"}], "descriptions": [{"lang": "en", "value": "The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-29T14:40:24", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/03e0d4d5-0184-4a15-b8ac-fdc2010e4812"}], "source": {"discovery": "EXTERNAL"}, "title": " Leaflet Maps Marker < 3.12.5 - Admin+ SQLi", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-1123", "STATE": "PUBLIC", "TITLE": " Leaflet Maps Marker < 3.12.5 - Admin+ SQLi"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)", "version": {"version_data": [{"version_affected": "<", "version_name": "3.12.5", "version_value": "3.12.5"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Ihor Bliumental"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/03e0d4d5-0184-4a15-b8ac-fdc2010e4812", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/03e0d4d5-0184-4a15-b8ac-fdc2010e4812"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1123", "datePublished": "2022-08-29T14:40:24", "dateReserved": "2022-03-28T00:00:00", "dateUpdated": "2022-08-29T14:40:24", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}