Impact
Joomla! Component VMap 1.9.6 is affected by a SQL injection flaw in the latlngbound parameter. An unauthenticated attacker can inject arbitrary SQL fragments via the GET request to index.php with option=com_vmap&task=loadmarker, allowing the execution of custom SQL queries. This can lead to extraction of sensitive database contents, data disclosure, and potentially unauthorized data manipulation.
Affected Systems
The flaw targets the Wdmtech VMap component for Joomla, specifically version 1.9.6. No other versions were identified as affected in this advisory.
Risk and Exploitability
The CVSS score of 8.8 classifies this as a high‑severity vulnerability. The EPSS score is not available, but the lack of a KEV listing suggests it has not yet been confirmed as a widely exploited issue. Nonetheless, the vulnerability is exploitable remotely by any party that can send HTTP GET requests to the site, making it a realistic risk for publicly accessible Joomla deployments.
OpenCVE Enrichment