vendor:
Zh YandexMap
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Zh YandexMap
Affected Version From: 6.2.1.0
Affected Version To: 6.2.1.0
Patch Exists: YES
Related CWE: CVE-2018-6604
CPE: a:zhuk:zh_yandexmap:6.2.1.0
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component Zh YandexMap 6.2.1.0 – SQL Injection
The vulnerability allows an attacker to inject sql commands by sending a maliciously crafted request to the vulnerable application. The attacker can send a specially crafted request to the vulnerable application in order to execute arbitrary SQL commands in application's database. This can lead to information disclosure, data manipulation, and even system compromise.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
