Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19.
AnalysisAI
Blind SQL injection in Geo to Lat versions up to 1.0.19 allows authenticated attackers to execute arbitrary SQL queries over the network with no user interaction required. An attacker with valid credentials can exploit this vulnerability to extract or manipulate database contents, potentially leading to unauthorized data access and system disruption. No patch is currently available for this vulnerability.
Technical ContextAI
The vulnerability stems from improper input validation in SQL queries within the Geo to Lat plugin, a geolocation tool that converts geographic data. The flaw is classified as CWE-89 (SQL Injection), which occurs when user-controllable input is incorporated into SQL queries without proper sanitization or parameterization. The plugin fails to neutralize special SQL characters, allowing attackers to inject malicious SQL commands through blind injection techniques where results are inferred through application behavior rather than direct output.
RemediationAI
The primary remediation is to upgrade the Geo to Lat plugin to a version newer than 1.0.19 if available, though no specific patch version is mentioned in the advisory. As an immediate mitigation, implement input validation and parameterized queries for any user inputs processed by the plugin. Additionally, apply the principle of least privilege to database accounts used by the application, limit database permissions to only required operations, and enable SQL query logging to detect potential exploitation attempts.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-11863