Description

A vulnerability has been reported in the Xmap component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the “view” parameter to index.php (when “option” is set to “com_xmap”) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.2.11. Prior versions may also be affected.

Solution

Update to version 1.2.12.

Provided and/or discovered by
Reported by the Joomla! VEL team.

Original Advisory
http://docs.joomla.org/Vulnerable_Extensions_List#xmap

# Exploit Title: Xmap 1.2.11 Joomla Component Blind SQL Injection
# Date: 12 July 2011 # Author: jdc
# Software Link: http://joomlacode.org/gf/project/xmap/frs/?action=FrsReleaseBrowse&frs_package_id=3882
# Version: 1.2.11
# Fixed In: 1.2.12 Versions prior to 1.2.12 suffer from a blind sql injection in the “view” parameter, depending on Xmap’s internal cache settings.

POSTDATA: option=com_xmap&tmpl=component&Itemid=999&view=[SQL]

1.2.12 has been patched. Older versions with cache=off cannot be exploited in this fashion.