vendor:
Zh GoogleMap
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Zh GoogleMap
Affected Version From: 8.4.0.0
Affected Version To: 8.4.0.0
Patch Exists: YES
Related CWE: CVE-2018-6582
CPE: a:zhuk:zh_googlemap:8.4.0.0
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component Zh GoogleMap 8.4.0.0 – SQL Injection
The vulnerability allows an attacker to inject sql commands into the vulnerable application. The attacker can send a specially crafted request to the vulnerable application in order to execute arbitrary sql commands in the back-end database. This can lead to the manipulation or disclosure of data.
Mitigation:
Input validation should be used to prevent SQL injection attacks. The application should also use parameterized queries to prevent SQL injection.
