Summary
This host is running the Joomla Googlemaps plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow a remote attacker to execute arbitrary HTML or script code and to disclose the software's installation path, resulting in a loss of confidentiality.
Solution
Upgrade to Googlemaps plugin for Joomla version 3.1 or later. For updates refer to http://extensions.joomla.org/extensions/maps-a-weather/maps-a-locations/maps/1147
Insight
Input passed via 'url' parameter to 'plugin_googlemap2_proxy.php' is not properly sanitised before being returned to the user.
Affected
Googlemaps plugin for Joomla versions 2.x and 3.x. Previous versions may also be affected.
Detection
Send crafted data via an HTTP GET request and check whether the host is vulnerable.
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P