CVE-2013-7429

Description

The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.

Related CPE's

amapsplugingooglemaps*****joomla\!**

References

[oss-security] 20150226 CVE request: Joomla Google Maps Plugin

Mailing ListThird Party Advisory

[oss-security] 20150226 Re: CVE request: Joomla Google Maps Plugin

Mailing ListThird Party Advisory

http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html

Patch

20130716 Multiple vulnerabilities in Googlemaps plugin for Joomla

ExploitMailing ListThird Party Advisory

CvssV3 impact

BaseSeverity

CRITICAL

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

9.8

VectorString

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

7.5

Created by Yello
About Severity.io