CVE-2018-25351 HIGH

CVE-2018-25351: Joomla! Component EkRishta 2.10 SQL Injection via username

Vendor Harmistechnology
Product EkRishta
Weakness CWE-89 · SQLi
Published May 23, 2026
Last update May 26, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details.

Explanation of Vulnerability in Simple Terms

02Summary

EkRishta versions 2.10 contain a SQL injection vulnerability in an unspecified component. An attacker can send a crafted request over the network to execute arbitrary SQL queries against the application's database, potentially reading or modifying sensitive data without authentication.

What an attacker can do

03Attacker Capabilities

Execute arbitrary SQL queries to read or modify database contents without authentication.

Potential impact on your site

04Site Impact

Attackers can access or alter user data, credentials, and site configuration stored in the database.

Conditions required to exploit

05Prerequisites

Network access to the application; no authentication or user interaction required.

Key dates

06Disclosure timeline

May 23, 2026 CVE published
May 26, 2026 Record updated