This vulnerability in Small Package Quotes – Worldwide Express Edition (<= 5.2.17) arises from improper neutralization of special elements in SQL commands, enabling SQL Injection attacks. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L) indicates that the vulnerability is remotely exploitable without privileges or user interaction, can affect system confidentiality severely, and cause limited availability impact. The product is not a cloud service, and no patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the backend database, potentially leading to disclosure of sensitive data (high confidentiality impact) and minor disruption of service (low availability impact). Integrity is not impacted according to the CVSS vector. No known exploits have been reported in the wild to date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the affected application and monitor for suspicious activity related to SQL injection attempts. Avoid exposing the vulnerable application to untrusted networks where possible.