Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-4128. PoCs published by Mehmet Ince.
AI-analyzed exploit summary
This exploit demonstrates a SQL injection vulnerability in Joomla's com_gmaps component (version 1.00) by injecting a UNION-based query to extract username and password from the jos_users table. The attack leverages improper input sanitization in the mapId parameter.
Description
SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action.
Exploits (1)