CVE-2017-15966
published 2017-10-29

CVE-2017-15966: The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.

Priority: P2 (61) · CVSS 3.0: 9.8 critical
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploit: flagged (public exploit referenced in the IOCs below)
EPSS: 3.40% (87.3rd percentile)

Affected (1 range)

Vendor | Product | Version range | Fixed in
zh_yandexmap_project | zh_yandexmap | (not given) | (not given)

Detection & IOCs (extracted from sources)

url: http://localhost/[PATH]/index.php?option=com_zhyandexmap&view=zhyandexmap&tmpl=component&id=3&placemarklistid=-1660) OR 1 GROUP BY CONCAT(0x71627a7871,(SELECT (CASE WHEN (6691=6691) THEN 1 ELSE 0 END)),0x716b7a7671,FLOOR(RAND(0)*2)) HAVING MIN(0)#
path: index.php?option=com_zhyandexmap&view=zhyandexmap&tmpl=component
  • Monitor GET requests to index.php targeting the com_zhyandexmap component where the 'placemarklistid' parameter contains SQL injection patterns such as unbalanced parentheses, OR clauses, GROUP BY CONCAT, FLOOR(RAND()), or MySQL comment sequences (#).
  • Detect error-based MySQL injection attempts using FLOOR(RAND(0)*2) and CONCAT with hex-encoded strings (e.g., 0x71627a7871, 0x716b7a7671) in the placemarklistid parameter.
  • Flag any HTTP request containing both 'option=com_zhyandexmap' and 'placemarklistid=' query parameters, as this is the exclusive attack surface for CVE-2017-15966.
  • The vulnerable component version is specifically 6.1.1.0 of Zh YandexMap (com_zhyandexmap) for Joomla!. Use version fingerprinting to avoid false positives on patched or different versions.

CVSS provenance

NVD, CVSS v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)