13 Layers
SHARE

MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows unsighted SQL Injection via the Id (within sourceItems) parameter to the GetMap method. (CVSS:10.0) (Closing Update:2021-09-01)

13 Layers Managed Security Services