CVE-2018-25348

HIGH

Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25348. PoCs published by 41!kh4224rDz.

AI-analyzed exploit summary: This exploit demonstrates a time-based SQL injection vulnerability in Joomla! Component Ek Rishta 2.10. The payload uses the 'SLEEP' function to confirm the vulnerability via delayed response.

Description

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.

Exploits (1)

exploitdb WORKING POC
by 41!kh4224rDz · text · webapps · php
https://www.exploit-db.com/exploits/44869

Classification: Working Poc 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: Joomla! Component Ek Rishta 2.10
No auth needed
Prerequisites: Access to the vulnerable Joomla component
devstral-2 · analyzed May 24, 2026

References (4)

Core References

Exploit: ExploitDB-44869
https://www.exploit-db.com/exploits/44869

Product: Official Product Homepage
https://www.joomlaextensions.co.in/

Product: Product Reference
https://extensions.joomla.org/extension/ek-rishta/

Third Party Advisory: VulnCheck Advisory: Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail
https://www.vulncheck.com/advisories/joomla-component-ek-rishta-sql-injection-via-user-detail

Scores

CVSS v3: 8.2
EPSS: 0.0036
EPSS Percentile: 27.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): harmistechnology/Ek Rishta 2.10
Published: May 23, 2026
Tracked Since: May 24, 2026