Vulnerabilities

Report: Update: CVE-2018-25330 - Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

2026-05-17 0 views admin

CVE ID :CVE-2018-25330 Published : May 17, 2026, 1:16 p.m. | 1 hour, 13 minutes ago Description :Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2018-25330

Severity

HIGH

Published

May 17, 2026

Affected Product: Joomla

Impact: SQL injection

🏷️ Tags

reportupdate25330joomlaekrishtapersistentinjectionpublishedcvexss

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: Update: CVE-2018-25330 - Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-29518 - Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

Report: CVE-2026-3593 - Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation - Full Analysis

Report: Ultimate Guide: CVE-2026-3592 - Amplification vulnerabilities via self-pointed glue records

Report: Ultimate Guide: CVE-2026-3039 - BIND 9 server memory exhaustion during GSS-API TKEY negotiation

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting