CVE-2018-6605
published 2018-02-05CVE-2018-6605: SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText…
PriorityP184critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
58.32%
99.0th percentile
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zh_baidumap_project | zh_baidumap | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandid=-1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,md5({{num}}),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+↗
- →Monitor POST requests to /index.php with query parameters option=com_zhbaidumap, no_html=1, format=raw, and task set to getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails — these are the four injectable task endpoints. ↗
- →Inspect the POST body for the 'id' parameter containing UNION-based SQL injection payloads (e.g., negative id values followed by UNION ALL SELECT with NULL columns and a comment terminator --+). ↗
- →A successful exploitation response will contain the string 'dataexists' in the body alongside the injected computed value, which can be used as a detection matcher. ↗
- →Use FOFA/Shodan queries for Joomla installations (app="Joomla!-网站安装") to identify potentially exposed instances of the vulnerable component. ↗
- ·The UNION-based payload targets a 48-column table structure (48 NULL columns). If the underlying database schema differs, the column count in the UNION SELECT must be adjusted accordingly. ↗
- ·The vulnerability is unauthenticated (PR:N) and network-accessible (AV:N), meaning no credentials or prior access are required to exploit it. ↗
- ·The exploit has a very high EPSS score (90.96th percentile), indicating active exploitation in the wild should be assumed. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mhxw-gq6r-5hpw: SQL Injection exists in the Zh BaiduMap 3
ghsa_unreviewed·2022-05-14
CVE-2018-6605 [CRITICAL] CWE-89 GHSA-mhxw-gq6r-5hpw: SQL Injection exists in the Zh BaiduMap 3
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
VulnCheck
zh_baidumap_project zh_baidumap Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2018·CVSS 9.8
CVE-2018-6605 [CRITICAL] zh_baidumap_project zh_baidumap Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
zh_baidumap_project zh_baidumap Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
Affected: zh_baidumap_project zh_baidumap
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-03-10&host_type=src&vulnerability=cve-2018-6605; https://dashboard.shadowserver.org/statistics/honeypot/vulnerabilit
No detection rules found.
Exploit-DB
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
exploitdb·2018-02-05·CVSS 9.8
CVE-2018-6605 [CRITICAL] Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
---
Nuclei
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
nuclei·CVSS 9.8
CVE-2018-6605 [CRITICAL] Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
Template:
id: CVE-2018-6605
info:
name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
author: DhiyaneshDk
severity: critical
description: |
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
impact: |
Unauthenticated attackers can execute arbitrary SQL commands to access, modify, or delete database contents, potentially compromising the entire Joomla installation.
remediation: |
Remove the vulnerable Zh BaiduMap
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
CVE-2020-28188 [HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
# Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021.
This blog provides details of the newly observed exploits as well as a dive deep into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.
Palo Alto Networks Next-Generation Firewall customers are protected from these attacks with the URL Filtering an
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
[HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
Threat Research Center
Trend Reports
Vulnerabilities
## Network Attack Trends: Internet of Threats (November 2020-January 2021)
Lei Xu
Yue Guan
Vaibhav Singhal
Published: April 12, 2021
Malware
Trend Reports
Vulnerabilities
Botnet
DDoS
Exploit kit
IoT
Network security trends
## Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020 . Several newly observed exploits, including CVE-2020-28188 , CVE-2020-17519 , and CVE-2020-29227 , have emerged and were continuously being exploited in the wild as of late 2020 to earl
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
NoiseLetter October 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
2018-02-05
Published
Exploited in the wild