CVE-2018-25380
Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters
| CVSS Score | 7.1 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.
| CWE | CWE-89 |
| Vendor | extro |
| Product | extroforms |
| Published | May 25, 2026 |
| Last Updated | May 26, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | Low |
| Availability | None |
Affected Versions
Extro / eXtroForms
2.1.5
References
exploit-db.com: https://www.exploit-db.com/exploits/45472
extro.media: https://extro.media/
extensions.joomla.org: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/contact-forms/extroforms/
vulncheck.com: https://www.vulncheck.com/advisories/joomla-component-extroforms-sql-injection-via-filter-parameters
Credits
Özkan Mustafa Akkuş (AkkuS)