CVE-2018-25351

HIGH

Joomla! Component EkRishta 2.10 SQL Injection via username

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25351. PoCs published by L0RD.

AI-analyzed exploit summary This is a functional SQL injection exploit targeting the 'username' parameter in Joomla! Component EkRishta 2.10. The payload uses an error-based SQLi technique with `extractvalue` to leak database user information.

Description

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details.

Exploits (1)

exploitdb WORKING POC
by L0RD · textwebappsphp
https://www.exploit-db.com/exploits/44877

This is a functional SQL injection exploit targeting the 'username' parameter in Joomla! Component EkRishta 2.10. The payload uses an error-based SQLi technique with `extractvalue` to leak database user information.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla! Component EkRishta 2.10
No auth needed
Prerequisites: Access to the login endpoint · Joomla! Component EkRishta 2.10 installed
devstral-2 · analyzed May 24, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-44877
https://www.exploit-db.com/exploits/44877
Product product
Official Product Homepage
https://www.joomlaextensions.co.in/
Product product
Product Reference
https://extensions.joomla.org/extension/ek-rishta/
Third Party Advisory third-party-advisory
VulnCheck Advisory: Joomla! Component EkRishta 2.10 SQL Injection via username
https://www.vulncheck.com/advisories/joomla-component-ekrishta-sql-injection-via-username

Scores

CVSS v3 8.2
EPSS 0.0043
EPSS Percentile 34.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
harmistechnology/Ek Rishta 2.10
harmistechnology/EkRishta 2.10
Published May 23, 2026
Tracked Since May 24, 2026