CVE-2018-25348
Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail
CVSS Score
8.2
EPSS Score
0.1%
EPSS Percentile
21th
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.
| CWE | CWE-89 |
| Vendor | harmistechnology |
| Product | ek rishta |
| Published | May 23, 2026 |
| Last Updated | May 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for harmistechnology ek rishta
Be the first to know when new high vulnerabilities affecting harmistechnology ek rishta are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
harmistechnology / Ek Rishta
2.10
References
exploit-db.com: https://www.exploit-db.com/exploits/44869 joomlaextensions.co.in: https://www.joomlaextensions.co.in/ extensions.joomla.org: https://extensions.joomla.org/extension/ek-rishta/ vulncheck.com: https://www.vulncheck.com/advisories/joomla-component-ek-rishta-sql-injection-via-user-detail
Credits
41!kh4224rDz