CVE-2018-25351
Published 2026-05-23
CVE-2018-25351: Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
Priority P3 · 55 · high · 8.2 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:L / A:N
EPSS: 0.36% (27.7th percentile)
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| harmistechnology | ek_rishta | — | — |
| harmistechnology | ekrishta | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
| nvd | v4.0 | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| cvelistv5 | v4.0 | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N |
GHSA
GHSA-3g55-qf36-hjqr: Joomla! Component EkRishta 2
ghsa_unreviewed·2026-05-26
CVE-2018-25351 [HIGH] CWE-89 GHSA-3g55-qf36-hjqr: Joomla! Component EkRishta 2
CVEList
Joomla! Component EkRishta 2.10 SQL Injection via username
cvelistv5·2026-05-23·CVSS 8.8
CVE-2018-25351 [HIGH] CWE-89 Joomla! Component EkRishta 2.10 SQL Injection via username
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-23: Published