CVE-2018-6605

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in the Zh BaiduMap component for Joomla! lets an unauthenticated attacker execute arbitrary SQL against the site database via the id parameter of a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. Every Joomla! site with version 3.0.0.1 of the component installed and enabled is affected; successful exploitation can expose or alter the entire database, including Joomla! user records.

💻 Affected Systems

Products:
  • Zh BaiduMap component for Joomla!
Versions: 3.0.0.1
Operating Systems: All platforms running Joomla!
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Joomla! CMS with the Zh BaiduMap component installed and enabled.

📦 What is this software?

Zh BaiduMap is a third-party Joomla! component that embeds Baidu Maps in site pages. The map is populated through component request handlers that return placemark and path data (details and hover text) for a record selected by its id parameter; those handlers are where the injection occurs.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise: reading, modifying, or deleting any table the Joomla! database user can reach, and, where that database account can write files (for example MySQL SELECT ... INTO OUTFILE into the web root), potential remote code execution.

🟠

Likely Case

Disclosure of database contents, including Joomla! user records and password hashes, which in turn enables authentication bypass or an administrator account takeover.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires no authentication. Simple SQL injection techniques work.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.0.2 or later

Vendor Advisory: https://extensions.joomla.org/extension/zh-baidumap/

Restart Required: No

Instructions:

1. Update the Zh BaiduMap component to version 3.0.0.2 or later via the Joomla! Extension Manager (Extensions → Manage, or install the new package).
2. Confirm in Extensions → Manage that the installed version now reads 3.0.0.2 or later.
3. Load a page that embeds the map and check that placemark and path details still render.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all platforms

Coerce the id parameter to an integer before it is used in any query, so that trailing SQL is discarded.

In the component's PHP request handlers, add $id = (int)$id; before each query that uses the value. This is safe only because id is expected to be a numeric record identifier; a cast alone does not fix string parameters, and it should be paired with a bound parameter in the query itself.

WAF Rule

Applies to: all platforms

Block malformed id values at the web application firewall.

Add a WAF rule that rejects requests naming the getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails handlers unless the id parameter matches ^[0-9]+$. An allow-list of digits is preferable to denying SQL keywords (UNION, SELECT, ...), because keyword blocklists can be evaded with URL encoding, comments, and case changes.
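The vulnerability described in the TL;DR and the (int) cast workaround above, shown side by side as an added example. This is not the component's own PHP (the advisory does not reproduce it); it is a Python model of the same flaw class, with sqlite3 standing in for MySQL. The placemarks/users schema, column names, and the UNION payload are constructed for the example, and php_int_cast only approximates PHP's (int) semantics.

```python
import re
import sqlite3

# Constructed stand-in schema. The component's real table and column names are
# not given in the advisory; only the "id" parameter and the four request
# handlers are. sqlite3 is used so the example runs offline.
SCHEMA = """
CREATE TABLE placemarks (id INTEGER PRIMARY KEY, title TEXT, details TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO placemarks VALUES (1, 'Office', 'Main office placemark');
INSERT INTO placemarks VALUES (2, 'Warehouse', 'Storage site');
INSERT INTO users VALUES (1, 'admin', '$2y$10$fakehash.of.admin.password');
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def get_placemark_details_vulnerable(conn, raw_id):
    # The flaw class: the request parameter is pasted into the SQL text, so
    # anything after a numeric prefix becomes part of the statement.
    sql = "SELECT title, details FROM placemarks WHERE id = " + raw_id
    return conn.execute(sql).fetchall()

_LEADING_INT = re.compile(r"^\s*[+-]?\d+")

def php_int_cast(value):
    # Approximates PHP's (int) cast on a string: the leading integer, else 0.
    m = _LEADING_INT.match(value)
    return int(m.group()) if m else 0

def get_placemark_details_fixed(conn, raw_id):
    # Workaround from the advisory ($id = (int)$id;) plus a bound parameter,
    # so the value can never be parsed as SQL.
    placemark_id = php_int_cast(raw_id)
    sql = "SELECT title, details FROM placemarks WHERE id = ?"
    return conn.execute(sql, (placemark_id,)).fetchall()

# A UNION payload of the kind the advisory calls "simple SQL injection";
# it appends the users table to the placemark result set.
PAYLOAD = "1 UNION SELECT username, password FROM users"

def demo():
    conn = open_db()
    return {
        "vulnerable": get_placemark_details_vulnerable(conn, PAYLOAD),
        "fixed": get_placemark_details_fixed(conn, PAYLOAD),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Running it shows the vulnerable handler returning the admin row alongside the placemark, while the fixed handler truncates the payload to 1 and returns only the Office record. The cast neutralises this payload, but the bound parameter is what makes the query safe regardless of what the cast produces.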

🧯 If You Can't Patch

  • Disable the Zh BaiduMap component entirely via the Joomla! Extension Manager (Extensions → Manage → select the component → Disable)
  • If the map must stay up, restrict access to the component's request handlers to trusted source addresses at the reverse proxy or firewall, since the injection needs no authentication

🔍 How to Verify

Check if Vulnerable:

Check Joomla! Extension Manager for Zh BaiduMap component version 3.0.0.1

Check Version:

Check via Joomla! admin panel: Extensions → Manage → Search for 'Zh BaiduMap'

Verify Fix Applied:

Verify component version shows 3.0.0.2 or later in Joomla! Extension Manager

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in Joomla! logs
  • Multiple requests to getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails endpoints with suspicious id parameters

Network Indicators:

  • HTTP requests to the four handlers whose id parameter is not purely numeric: SQL keywords (UNION, SELECT), quotes, comment sequences (--, /*), or their URL-encoded forms (%27, %20)
  • Unusual query patterns from the web server's database account, such as reads of the users table from a map request

SIEM Query:

source="joomla_logs" AND ("getPlacemarkDetails" OR "getPlacemarkHoverText" OR "getPathHoverText" OR "getPathDetails") | regex _raw="id=[^&\s]*[^0-9&\s]"

The search term selects requests to the four handlers; the regex keeps only those whose id value contains a non-digit character, which removes legitimate map traffic from the result set.
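The log indicators above, implemented as an added detection example that is not part of the original page: it parses combined-format web server log lines, keeps requests that name one of the four handlers with a non-numeric id value, and counts hits per source address. The log lines are constructed, and the URL layout (option=com_zhbaidumap&task=...) is an assumption; only the handler names come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINTS = ("getPlacemarkDetails", "getPlacemarkHoverText",
             "getPathHoverText", "getPathDetails")

# Constructed sample lines in Apache combined format. Only the handler names
# are from the advisory; the option=/task= layout and addresses are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2018:10:01:12 +0000] "GET /index.php?option=com_zhbaidumap&task=getPlacemarkDetails&id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2018:10:01:15 +0000] "GET /index.php?option=com_zhbaidumap&task=getPlacemarkDetails&id=12%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 1024 "-" "sqlmap/1.2"
203.0.113.9 - - [10/Feb/2018:10:01:16 +0000] "GET /index.php?option=com_zhbaidumap&task=getPathDetails&id=1%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 300 "-" "sqlmap/1.2"
198.51.100.2 - - [10/Feb/2018:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=5%20OR%201=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2018:10:02:30 +0000] "GET /index.php?option=com_zhbaidumap&task=getPathHoverText&id=7 HTTP/1.1" 200 128 "-" "Mozilla/5.0"
"""

# client, timestamp, request line (method, URL, protocol), status code
_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

_NUMERIC_ID = re.compile(r"[0-9]+")

def suspicious_requests(log_text):
    """Return (ip, timestamp, handler, decoded id) for each request that names
    one of the four handlers with an id value that is not purely numeric."""
    hits = []
    for line in log_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        url = m.group("url")
        handler = next((e for e in ENDPOINTS if e in url), None)
        if handler is None:
            continue  # other components are out of scope for this CVE
        # parse_qs URL-decodes, so %20UNION and %27 are inspected as text
        for value in parse_qs(urlsplit(url).query).get("id", []):
            if not _NUMERIC_ID.fullmatch(value):
                hits.append((m.group("ip"), m.group("ts"), handler, value))
    return hits

def alert_sources(hits, threshold=2):
    """Source addresses with at least `threshold` suspicious requests."""
    counts = {}
    for ip, *_ in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    found = suspicious_requests(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print("alert:", alert_sources(found))
```

On the sample, the two sqlmap-style probes from 203.0.113.9 are flagged and that address crosses the alert threshold; the com_content request with an injected id is deliberately left out because it does not touch this component's handlers, and the two numeric ids are legitimate map traffic.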
