Blind SQL Injection in Hexagon GeoMedia WebMap 2020
CVE-2021-37749 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.