Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25348: Joomla! Ek Rishta 2.10 allows attackers to access database info
CVE-2018-25348
Summary
An attacker can send a special request to Joomla! Ek Rishta 2.10, allowing them to access sensitive database information. This is a risk because it could give an attacker confidential information about your website and its users. To fix this, update to a newer version of Ek Rishta or remove it if it's no longer needed.
Original title
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attack...
Original description
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 23 May 2026 · Updated: 30 May 2026 · First seen: 26 May 2026