Overview SilentGrid identified a blind SQL injection vulnerability in Hexagon's GeoMedia WebMap 2020 solution. This vulnerability can be exploited by unauthenticated attackers to interfere with the SQL query the application is using to interact with the backend database. While a hotfix is available, due to lack of response from the vendor, SilentGrid cannot confirm if the patch is implemented in the latest GeoMedia WebMap 2020 Update 2. Technical Details The “Id” parameter within the "sourceIt