CVE-2018-25330

HIGH

Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25330. The PoC was published by Sina Kheirkhah.

AI-analyzed exploit summary
The exploit demonstrates two vulnerabilities in Joomla! extension EkRishta 2.10: a persistent XSS via profile fields and an SQL injection via the user_setting page. The XSS payload executes when a user visits the attacker's profile; the SQL injection is reached by manipulating the 'phone_no' parameter in a POST request.

Description

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries.
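The two bug classes described above, modelled side by side with their hardened forms. This is an added illustration, not EkRishta's code or the published PoC: the profile table, column names and SQL text are constructed assumptions, since the page does not show the extension's real queries. The vulnerable update builds the phone_no query by string concatenation, so a crafted phone_no rewrites the WHERE clause and changes another user's row; the parameterized version stores the same string harmlessly. The vulnerable render emits the Address field raw, so a script tag in it lands in the page; the fixed render escapes it.

```python
import html
import sqlite3

# Constructed in-memory stand-in for a profile table. The real EkRishta schema
# is not on the page, so these table and column names are assumptions.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE profile ("
        "user_id INTEGER PRIMARY KEY, phone_no TEXT, address TEXT, "
        "is_admin INTEGER NOT NULL DEFAULT 0)"
    )
    con.executemany(
        "INSERT INTO profile VALUES (?, ?, ?, ?)",
        [(1, "111", "1 Main St", 0), (2, "222", "2 High St", 0)],
    )
    con.commit()
    return con

def get_profile(con, user_id):
    """Return (phone_no, address, is_admin) for one user."""
    return con.execute(
        "SELECT phone_no, address, is_admin FROM profile WHERE user_id = ?",
        (user_id,),
    ).fetchone()

def update_phone_vulnerable(con, user_id, phone_no):
    # Vulnerable pattern: phone_no from the POST body is pasted into the SQL
    # text, so a quote in it ends the string literal and the attacker writes
    # the rest of the statement (SET clause, WHERE clause, trailing comment).
    sql = f"UPDATE profile SET phone_no = '{phone_no}' WHERE user_id = {user_id}"
    con.execute(sql)
    con.commit()

def update_phone_fixed(con, user_id, phone_no):
    # Hardened form: bound parameters keep phone_no as data regardless of
    # what characters it contains.
    con.execute(
        "UPDATE profile SET phone_no = ? WHERE user_id = ?", (phone_no, user_id)
    )
    con.commit()

def render_address_vulnerable(address):
    # Persistent XSS pattern: the stored Address is written into HTML verbatim,
    # so markup saved by one user runs in the browser of anyone viewing the profile.
    return f"<td>{address}</td>"

def render_address_fixed(address):
    # Hardened form: HTML-escape on output, including quotes for attribute contexts.
    return f"<td>{html.escape(address, quote=True)}</td>"

# Payloads are constructed for this demo; the page does not reproduce the PoC's own.
SQLI_PHONE = "x', is_admin = 1 WHERE user_id = 2 --"
XSS_ADDRESS = "<script>alert(1)</script>"

if __name__ == "__main__":
    con = make_db()
    update_phone_vulnerable(con, 1, SQLI_PHONE)   # user 1 saves "their" phone number
    print("vulnerable: user 2 ->", get_profile(con, 2))  # user 2 is now admin
    con = make_db()
    update_phone_fixed(con, 1, SQLI_PHONE)
    print("fixed:      user 2 ->", get_profile(con, 2))  # unchanged
    print(render_address_vulnerable(XSS_ADDRESS))
    print(render_address_fixed(XSS_ADDRESS))
```

Run it as a script to see both outcomes printed; the SQLite `--` comment swallows the original WHERE clause, which is why the injected statement updates a row the caller never named. On a real deployment the same check is whether phone_no reaches the database through a bound parameter (in Joomla terms, through the database driver's quoting or prepared-statement API) and whether profile fields are escaped at output time.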

Exploits (1)

Exploit-DB · Working PoC
by Sina Kheirkhah · text · webapps · php
https://www.exploit-db.com/exploits/44660


Classification
Working PoC (90%)
Attack Type
XSS | SQLi
Complexity
Trivial
Reliability
Reliable
Target: Joomla! extension EkRishta 2.10
Auth required
Prerequisites: User account with profile creation privileges · Access to the user_setting page
Analyzed by devstral-2 on May 17, 2026

References (4)

Core References
Exploit
ExploitDB-44660
https://www.exploit-db.com/exploits/44660
Product
Official Product Homepage
https://www.joomlaextensions.co.in/
Third Party Advisory
VulnCheck Advisory: Joomla! EkRishta 2.10 Persistent XSS and SQL Injection
https://www.vulncheck.com/advisories/joomla-ekrishta-persistent-xss-and-sql-injection

Scores

CVSS v3.1 Base Score 8.2 (High)
EPSS 0.0032 (0.32%)
EPSS Percentile 23.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Note that the vector scores PR:N, while the tracked PoC is listed above as requiring an authenticated user account with profile creation privileges.

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Joomlaextensions/Joomla! extension EkRishta 2.10
Published May 17, 2026
Tracked Since May 17, 2026