CVE-2017-15966
published 2017-10-29CVE-2017-15966: The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
3.40%
87.3th percentile
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zh_yandexmap_project | zh_yandexmap | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://localhost/[PATH]/index.php?option=com_zhyandexmap&view=zhyandexmap&tmpl=component&id=3&placemarklistid=-1660) OR 1 GROUP BY CONCAT(0x71627a7871,(SELECT (CASE WHEN (6691=6691) THEN 1 ELSE 0 END)),0x716b7a7671,FLOOR(RAND(0)*2)) HAVING MIN(0)#↗
- →Monitor GET requests to index.php targeting the com_zhyandexmap component where the 'placemarklistid' parameter contains SQL injection patterns such as unbalanced parentheses, OR clauses, GROUP BY CONCAT, FLOOR(RAND()), or MySQL comment sequences (#). ↗
- →Detect error-based MySQL injection attempts using FLOOR(RAND(0)*2) and CONCAT with hex-encoded strings (e.g., 0x71627a7871, 0x716b7a7671) in the placemarklistid parameter. ↗
- →Flag any HTTP request containing both 'option=com_zhyandexmap' and 'placemarklistid=' query parameters, as this is the exclusive attack surface for CVE-2017-15966. ↗
- ·The vulnerable component version is specifically 6.1.1.0 of Zh YandexMap (com_zhyandexmap) for Joomla!. Ensure version fingerprinting is used to avoid false positives on patched or different versions. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/101694https://packetstormsecurity.com/files/144436/Joomla-Zh-YandexMap-6.1.1.0-SQL-Injection.htmlhttps://www.exploit-db.com/exploits/43093/http://www.securityfocus.com/bid/101694https://packetstormsecurity.com/files/144436/Joomla-Zh-YandexMap-6.1.1.0-SQL-Injection.htmlhttps://www.exploit-db.com/exploits/43093/
2017-10-29
Published