8.8

CVE-2018-25330: EkRishta Joomla Extension Allows Malicious Code Injection

CVE-2018-25330
Summary

The EkRishta extension for Joomla has security flaws that allow hackers to inject malicious code into user profiles and manipulate database queries. This can lead to unauthorized access to sensitive information or the ability to take control of the website. Joomla users should update the EkRishta extension to the latest version to fix these issues.

Original title
Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. ...
Original description
Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries.
NVD CVSS 3.1: 8.2
NVD CVSS 4.0: 8.8
Vulnerability type
CWE-89 SQL Injection
Published: 17 May 2026 · Updated: 24 May 2026 · First seen: 17 May 2026