CVE-2018-25380

Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters

CVSS 7.1 HIGHEPSS 0.3%CWE-89

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Extro · eXtroForms

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/45472unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://extensions.joomla.org/extensions/extension/contacts-and-feedback/contact-forms/extroforms/https://extro.media/https://www.exploit-db.com/exploits/45472 https://www.vulncheck.com/advisories/joomla-component-extroforms-sql-injection-via-filter-parameters