vendor:
Google Map Store Locator
by:
Ihsan Sencan
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Google Map Store Locator
Affected Version From: 4.4
Affected Version To: 4.4
Patch Exists: NO
Related CWE: N/A
CPE: a:matamko:google_map_store_locator:4.4
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017
Joomla! Component Google Map Store Locator v4.4 – SQL Injection
A SQL injection vulnerability exists in Joomla! Component Google Map Store Locator v4.4. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. The vulnerability is due to insufficient sanitization of user-supplied input in the 'filter_to', 'filter_day', and 'filter_time' parameters of the 'index.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request containing malicious SQL statements to the vulnerable application.
Mitigation:
Input validation should be used to ensure that untrusted data is not allowed to enter the system. All input data should be validated and filtered before being passed to the application. It is recommended to use whitelists to validate input data, as opposed to blacklists. Additionally, the application should be configured to use the least privileged account with the least amount of privileges necessary to perform its function.
