CVE-2018-25348
HIGH
Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail
Title source: cna
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-25348. PoCs published by 41!kh4224rDz.
AI-analyzed exploit summary
This exploit demonstrates a time-based SQL injection vulnerability in Joomla! Component Ek Rishta 2.10. The payload uses the 'SLEEP' function to confirm the vulnerability via delayed response.
Description
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.
Exploits (1)
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N