Joomla VMap 1.9.2 SQL Injection

Joomla VMap extension version 1.9.2 suffers from a remote SQL injection vulnerability.


MD5 | 1d0a647f38d27d05f5c99f155514375c

################################################
#Title: Joomla! VMap 1.9.2 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: https://www.wdmtech.com
#URL: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/vmap/
#Product: 'Joomla! VMap 1.9.2'
#Developer: WDMtech
#Extension type: Plugin
#Last updated: Apr 29 2017
#Compatibility: 3.X
#Type: Paid download
#Google Dork: N/A
################################################
#
# Description:
# VMap Component is a uniquely designed Joomla Extension that allows you to put your listings on Google Map.
#
#
# --Method=GET -p [latlngbound]
#
# -u "http://127.0.0.1/index.php?option=com_vmap&task=loadmarker&latlngbound=40.535385698313576%2C40.899686902804504%2C-74.27737944140625%2C-73.67862455859375[SQLI]&mapid=7"
#
# PoC:
# https://prnt.sc/hwfaya
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/
################################################
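
A detection check for the parameter named above, added here as an example and not part of the original advisory or the extension's code: it scans web access log lines for `com_vmap` `loadmarker` requests whose `latlngbound` is anything other than four plain decimals. The log lines are constructed, and the combined log format and the latitude, latitude, longitude, longitude ordering (inferred from the sample URL) are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Plain decimal only: optional sign, digits, optional fraction.
_DECIMAL = re.compile(r"-?\d{1,3}(?:\.\d{1,20})?")
# Request target inside a combined-format access log entry (assumed format).
_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def valid_latlngbound(value):
    """True only for four plain decimals within latitude/longitude ranges."""
    parts = value.split(",")
    if len(parts) != 4 or not all(_DECIMAL.fullmatch(p) for p in parts):
        return False
    nums = [float(p) for p in parts]
    # Assumed order, inferred from the advisory's sample URL: lat, lat, lng, lng.
    return all(abs(n) <= 90 for n in nums[:2]) and all(abs(n) <= 180 for n in nums[2:])


def suspicious_vmap_requests(log_lines):
    """Return (line_number, decoded values) for loadmarker requests with a malformed bound."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = _REQUEST.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "com_vmap" not in query.get("option", []):
            continue
        if "loadmarker" not in query.get("task", []):
            continue
        values = query.get("latlngbound", [])
        # A missing, repeated or non-numeric parameter is reported for review.
        if len(values) != 1 or not valid_latlngbound(values[0]):
            hits.append((lineno, values))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
_BASE = "/index.php?option=com_vmap&task=loadmarker&mapid=7&latlngbound="
SAMPLE_LOG = [
    f'203.0.113.5 - - [02/Jan/2018:10:00:01 +0000] "GET {_BASE}40.53%2C40.89%2C-74.27%2C-73.67 HTTP/1.1" 200 512',
    f'198.51.100.9 - - [02/Jan/2018:10:00:07 +0000] "GET {_BASE}40.53%2C40.89%2C-74.27%2C-73.67%27 HTTP/1.1" 500 0',
    f'198.51.100.9 - - [02/Jan/2018:10:00:09 +0000] "GET {_BASE}40.53%2C40.89%2C-74.27 HTTP/1.1" 200 64',
    '203.0.113.5 - - [02/Jan/2018:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, values in suspicious_vmap_requests(SAMPLE_LOG):
        print(f"line {lineno}: unexpected latlngbound {values!r}")
```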
