CVE-2014-9686

Description

The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428.

Related CPE's

amapsplugingooglemaps*****joomla\!**

References

[oss-security] 20150226 Re: CVE request: Joomla Google Maps Plugin

Mailing ListThird Party Advisory

http://websecurity.com.ua/6987/

ExploitThird Party Advisory

20140207 New vulnerabilities in Google Maps plugin for Joomla

Mailing ListThird Party Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

HIGH

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

5.9

VectorString

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

4.300000190734863

Created by Yello
About Severity.io