CVE-2018-6605
CVE-2018-6605
Vexday Risk Score
72High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 58.3%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
05 Feb 2018Public PoC
05 Feb 2018Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/43974/unverifiedexploitdbwww.exploit-db.com/exploits/43974unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.