CVE-2018-25380
HighSummary
The Joomla Component eXtroForms version 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.
Risk Assessment
This vulnerability poses a serious risk to data security, allowing attackers to access confidential information in the database. It may lead to data loss, privacy breaches, and potential financial losses for the organization.
Recommendation
It is recommended to update the eXtroForms component to the latest version that addresses this vulnerability. Additionally, implementing further security measures such as monitoring and restricting access to critical application functions is advisable.
Original NVD description (English source)
Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.

