Overview
SilentGrid identified a blind SQL injection vulnerability in Hexagon's GeoMedia
WebMap 2020 solution. This vulnerability can be exploited by unauthenticated
attackers to interfere with the SQL query the application is using to interact
with the backend database.
While a hotfix is available, due to lack of response from the vendor, SilentGrid
cannot confirm if the patch is implemented in the latest GeoMedia WebMap 2020
Update 2.
Technical Details
The “Id” parameter within the "sourceIt