CVE-2018-25381 HIGH

CVE-2018-25381: Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters

Vendor Extro
Product Responsive Portfolio
Weakness CWE-89 · SQLi
Published May 25, 2026
Last update May 26, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details.

Explanation of Vulnerability in Simple Terms

02Summary

Responsive Portfolio versions 1.6.1 and later contain a SQL injection vulnerability in database query handling. An attacker with low-level user privileges can inject malicious SQL commands to read or modify database contents. The vulnerability requires network access and low authentication privileges but no user interaction.

What an attacker can do

03Attacker Capabilities

Read or modify database contents by injecting SQL commands into vulnerable queries.

Potential impact on your site

04Site Impact

Database contents may be exposed or altered by authenticated attackers with low privileges.

Conditions required to exploit

05Prerequisites

Attacker must have low-level user account access to the application.

Key dates

06Disclosure timeline

May 25, 2026 CVE published
May 26, 2026 Record updated

Related vulnerabilities

08Related CVE