CVE-2018-25330

Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

Joomlaextensions · Joomla! extension EkRishta

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/44660no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/https://www.exploit-db.com/exploits/44660 https://www.joomlaextensions.co.in/https://www.vulncheck.com/advisories/joomla-ekrishta-persistent-xss-and-sql-injection