What the vulnerability does
01Description
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details.
Explanation of Vulnerability in Simple Terms
02Summary
EkRishta versions 2.10 contain a SQL injection vulnerability in an unspecified component. An attacker can send a crafted request over the network to execute arbitrary SQL queries against the application's database, potentially reading or modifying sensitive data without authentication.
What an attacker can do
03Attacker Capabilities
Execute arbitrary SQL queries to read or modify database contents without authentication.
Potential impact on your site
04Site Impact
Attackers can access or alter user data, credentials, and site configuration stored in the database.
Conditions required to exploit
05Prerequisites
Network access to the application; no authentication or user interaction required.
Key dates
06Disclosure timeline
May 23, 2026
CVE published
May 26, 2026
Record updated