MidnightBSD

Advisories for zh_yandexmap_project

CVE-2017-15966 HIGH

The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
zh_yandexmap_project zh_yandexmap 6.1.1.0
CVE-2018-6604 HIGH

SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
zh_yandexmap_project zh_yandexmap 6.2.1.0