CVE-2018-25351: Joomla! EkRishta 2.10: Unauthenticated SQL Injection Attack

Summary

A SQL injection flaw in the Joomla! component EkRishta 2.10 lets attackers read sensitive information from the site's database without logging in. This is a serious issue because attackers could steal user passwords and learn details about your system. To protect your site, update to a fixed version of EkRishta, or remove the component altogether if you don't use it.

Original title
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the usern...
Original description
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details.
NVD CVSS 3.1: 8.2
NVD CVSS 4.0: 8.8
Vulnerability type
CWE-89 SQL Injection
Published: 23 May 2026 · Updated: 30 May 2026 · First seen: 26 May 2026