CVE-2018-25381

HIGH

Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25381. PoCs published by AkkuS.

AI-analyzed exploit summary: This exploit demonstrates SQL injection vulnerabilities in Joomla! Component Responsive Portfolio 1.6.1 via the 'filter_type_id', 'filter_pid_id', and 'filter_search' POST parameters. It includes payloads for boolean-based blind, error-based, and time-based blind SQLi attacks.

Description

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details.

Exploits (1)

exploitdb WORKING POC
by AkkuS · text · webapps · php
https://www.exploit-db.com/exploits/45491

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Joomla! Component Responsive Portfolio 1.6.1
Auth required
Prerequisites: Valid session cookies for authenticated access
devstral-2 · analyzed May 25, 2026

References (4)

Core References
Exploit: ExploitDB-45491
https://www.exploit-db.com/exploits/45491
Product: Official Product Homepage
https://extro.media/
Third Party Advisory: VulnCheck Advisory: Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters
https://www.vulncheck.com/advisories/joomla-responsive-portfolio-sql-injection-via-filter-parameters

Scores

CVSS v3: 7.1
EPSS: 0.0028
EPSS Percentile: 20.0%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): Extro/Responsive Portfolio 1.6.1
Published: May 25, 2026
Tracked Since: May 25, 2026