CVE-2018-7315
published 2018-02-22CVE-2018-7315: SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.
PriorityP265critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
2.80%
84.7th percentile
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| harmistechnology | ek_rishta | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://localhost/[PATH]/index.php/component/ekrishta/alluser?options=com_ekrishta&view=alluser&gender=[SQL]&age1=[SQL]&age2=[SQL]&religion=[SQL]&mothertounge=[SQL]&caste=[SQL]&country=[SQL]↗
command%27%20%41%4e%44%20%45%58%54%52%41%43%54%56%41%4c%55%45%28%32%32%2c%43%4f%4e%43%41%54%28%30%78%35%63%2c%76%65%72%73%69%6f%6e%28%29%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%31%3d%31%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%29%2d%2d%20%56%65%72%41%79%61%72%69↗
- →Monitor HTTP requests to the Joomla component path `/index.php/component/ekrishta/alluser` for SQL injection payloads in the `gender`, `age1`, `age2`, `religion`, `mothertounge`, `caste`, or `country` GET parameters. ↗
- →The URL-decoded SQL payload uses `' AND EXTRACTVALUE(22,CONCAT(0x5c,version(),(SELECT (ELT(1=1,1))),database()))-- VerAyari`, indicating error-based SQL injection via EXTRACTVALUE; detect this pattern in query strings. ↗
- →Flag requests containing the Joomla component identifier `com_ekrishta` combined with `view=alluser` and suspicious characters (e.g., URL-encoded single quotes `%27`) in any of the vulnerable parameters. ↗
- ·The exploit PoC uses `localhost` as a placeholder; the actual target path (`[PATH]`) is variable and must be adapted to the specific Joomla installation directory when writing detection signatures. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2018-02-22
Published