Joomla Googlemaps Multiple Vulnerabilities Network Vulnerability

Summary

This host is running Joomla Googlemaps plugin and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attacker to execute arbitrary HTML or script code, discloses the software's installation path resulting in a loss of confidentiality.

Solution

Upgrade to Googlemaps plugin for Joomla version 3.1 or later. For updates refer to http://extensions.joomla.org/extensions/maps-a-weather/maps-a-locations/maps/1147

Insight

Input passed via 'url' parameter to 'plugin_googlemap2_proxy.php' is not properly sanitised before being returned to the user.

Affected

Googlemaps plugin for Joomla versions 2.x and 3.x and potentially previous versions may also be affected

Detection

Send a crafted data via HTTP GET request and check whether it is vulnerable or not.

References

http://seclists.org/fulldisclosure/2013/Jul/158
http://www.osvdb.com/95423
http://www.osvdb.com/95424
http://www.osvdb.com/95425
http://www.osvdb.com/95426

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 Redirection and Security Bypass Vulnerabilities
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
Atmail Multiple Unspecified Security Vulnerabilities.
Adobe ColdFusion Directory Traversal Vulnerability
ATutor password reminder SQL injection

Take action and discover your vulnerabilities