CVE-2013-7429

CRITICAL

Googlemaps <3.1 - Code Injection

Title source: llm

Description

The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.

References (4)

[Patch, URL Repurposed] http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2015/02/26/4

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2013/Jul/158

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2015/02/26/11

Scores

CVSS v3 9.8

EPSS 0.0158

EPSS Percentile 81.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-91

Status published

Products (1)

mapsplugin/googlemaps < 3.0

Published Sep 14, 2017

Tracked Since Feb 18, 2026