CVE-2018-25330

Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Joomlaextensions · Joomla! extension EkRishta

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/44660não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/https://www.exploit-db.com/exploits/44660 https://www.joomlaextensions.co.in/https://www.vulncheck.com/advisories/joomla-ekrishta-persistent-xss-and-sql-injection