Vulnerability Description
Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://extensions.joomla.org/extensions/extension/living/dating-a-relationships
- https://www.exploit-db.com/exploits/44660
- https://www.joomlaextensions.co.in/
- https://www.vulncheck.com/advisories/joomla-ekrishta-persistent-xss-and-sql-inje
FAQ
What is CVE-2018-25330?
CVE-2018-25330 is a vulnerability with a CVSS score of 8.2 (HIGH). Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Att...
How severe is CVE-2018-25330?
CVE-2018-25330 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25330?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.