This vulnerability in SermonAudio Widgets (<= 1.9.3) involves improper neutralization of special elements used in SQL commands, leading to SQL Injection. The CVSS score of 8.5 reflects that it is remotely exploitable over the network with low complexity and requires low privileges but no user interaction. The impact includes high confidentiality impact and low availability impact, with no integrity impact. The vulnerability is publicly disclosed but lacks an official patch or vendor advisory at this time.

Successful exploitation could allow an attacker to execute crafted SQL commands, potentially exposing sensitive data (confidentiality impact is high) and causing limited denial of service (availability impact is low). Integrity is not impacted according to the CVSS vector. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the affected widget components and monitor for unusual database activity. Avoid exposing the widget to untrusted users or networks if possible.