vendor:
Zh Baidumap
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Zh Baidumap
Affected Version From: 3.0.0.1
Affected Version To: 3.0.0.1
Patch Exists: YES
Related CWE: CVE-2018-6605
CPE: a:zhuk:zh_baidumap:3.0.0.1
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component Zh BaiduMap 3.0.0.1 – SQL Injection
The vulnerability allows an attacker to inject sql commands by exploiting the vulnerable parameters in the 'getPlacemarkDetails' and 'getPlacemarkHoverText' functions of the 'controller.php' file.
Mitigation:
Input validation and sanitization should be done to prevent SQL injection attacks.