Blind SQL Injection in Hexagon GeoMedia WebMap 2020

Blind SQL Injection in Hexagon GeoMedia WebMap 2020

CVE-2021-37749 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.