Skip to main content

Geo To Lat CVE-2026-32368

| EUVDEUVD-2026-11863 HIGH
SQL Injection (CWE-89)
2026-03-13 Patchstack
8.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

4
Re-analysis Queued
Apr 22, 2026 - 21:37 vuln.today
cvss_changed
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11863
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
HIGH 8.5

DescriptionCVE.org

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19.

AnalysisAI

Blind SQL injection in Geo to Lat versions up to 1.0.19 allows authenticated attackers to execute arbitrary SQL queries over the network with no user interaction required. An attacker with valid credentials can exploit this vulnerability to extract or manipulate database contents, potentially leading to unauthorized data access and system disruption. No patch is currently available for this vulnerability.

Technical ContextAI

The vulnerability stems from improper input validation in SQL queries within the Geo to Lat plugin, a geolocation tool that converts geographic data. The flaw is classified as CWE-89 (SQL Injection), which occurs when user-controllable input is incorporated into SQL queries without proper sanitization or parameterization. The plugin fails to neutralize special SQL characters, allowing attackers to inject malicious SQL commands through blind injection techniques where results are inferred through application behavior rather than direct output.

RemediationAI

The primary remediation is to upgrade the Geo to Lat plugin to a version newer than 1.0.19 if available, though no specific patch version is mentioned in the advisory. As an immediate mitigation, implement input validation and parameterized queries for any user inputs processed by the plugin. Additionally, apply the principle of least privilege to database accounts used by the application, limit database permissions to only required operations, and enable SQL query logging to detect potential exploitation attempts.

Share

CVE-2026-32368 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy