CVE-2018-6604 in Zh YandexMap

Summary

by MITRE

SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.

Analysis

by VulDB Data Team • 07/05/2025

The vulnerability identified as CVE-2018-6604 is a critical SQL injection flaw in version 6.2.1.0 of the Zh YandexMap component for Joomla! websites. The component integrates Yandex Maps functionality and lets users manage placemarks and location data through web interfaces.

The technical exploitation of this vulnerability occurs when an attacker crafts malicious input through the id parameter in the getPlacemarkDetails task request. This parameter is processed directly within SQL queries without adequate input validation or parameterization mechanisms, creating an environment where malicious SQL code can be injected and executed within the database context. The flaw essentially allows attackers to manipulate database queries through crafted input, potentially enabling unauthorized data access, modification, or deletion. The vulnerability demonstrates poor input handling practices and lacks proper database abstraction layers that would normally prevent such injection attacks.

Operationally, this vulnerability poses significant risks to Joomla! sites. Because Joomla! is a widely used content management system, the potential attack surface for this vulnerability is substantial, particularly in environments where the vulnerable component is actively deployed and maintained.

Security mitigations for CVE-2018-6604 should prioritize immediate patching of the Zh YandexMap component to version 6.2.1.1 or later, which includes proper input validation and parameterization fixes. Organizations should implement proper input sanitization measures that validate and sanitize all user-supplied data before processing, particularly focusing on SQL injection prevention techniques. The implementation of prepared statements and parameterized queries should be enforced throughout the component's database interaction layers to prevent direct SQL command construction from user input. Additionally, network-based protections such as web application firewalls and intrusion detection systems should be configured to monitor for suspicious query patterns targeting the vulnerable endpoint. The vulnerability's classification under ATT&CK technique T1071.005 for application layer protocol and T1046 for network service scanning highlights the need for comprehensive monitoring of database access patterns and query execution. System administrators should also conduct thorough security assessments of all installed Joomla! extensions to identify similar vulnerabilities and ensure proper access controls are implemented to limit database interaction privileges for web applications.
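The endpoint monitoring described above can be run over web-server access logs. This is an added example, not VulDB's or the component's own code: it flags `task=getPlacemarkDetails` requests whose `id` is missing, repeated, or not a plain integer. The combined log format, the `/index.php` path, the sample lines and the assumption that placemark ids are small positive integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: client IP first, request line in the first quoted field.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: placemark ids are small positive integers (ASCII digits only).
STRICT_ID = re.compile(r'[0-9]{1,10}')


def id_is_valid(value):
    """Allow-list check: ASCII digits only, bounded length."""
    return STRICT_ID.fullmatch(value) is not None


def suspicious_requests(lines):
    """Return (ip, decoded id values) for getPlacemarkDetails requests with a bad id."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qs percent-decodes values; keep_blank_values exposes an empty id too.
        params = parse_qs(query, keep_blank_values=True)
        if "getPlacemarkDetails" not in params.get("task", []):
            continue
        ids = params.get("id", [])
        # A missing id, a repeated id, or anything not purely numeric is flagged.
        if len(ids) != 1 or not id_is_valid(ids[0]):
            hits.append((m.group("ip"), ids))
    return hits


# Constructed sample lines (documentation IP ranges, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Feb/2018:10:00:01 +0000] "GET /index.php?task=getPlacemarkDetails&id=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Feb/2018:10:00:02 +0000] "GET /index.php?task=getPlacemarkDetails&id=12%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [05/Feb/2018:10:00:03 +0000] "GET /index.php?task=getPlacemarkDetails&id=1&id=2 HTTP/1.1" 200 512',
    '203.0.113.5 - - [05/Feb/2018:10:00:04 +0000] "GET /index.php?task=other&id=abc HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, ids in suspicious_requests(SAMPLE_LOG):
        print(ip, ids)
```

The same `id_is_valid` allow-list check is the shape of the input validation the mitigation calls for; it only inspects query strings, so parameters sent in a POST body need the application or a WAF to log them.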

Reservation: 02/03/2018
Disclosure: 02/05/2018
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.02703
KEV: no
Activities: very low
