CVE Catalog

CVE-2018-25380

High
Published: Translated: NVD NIST

Summary

The Joomla Component eXtroForms version 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.

Risk Assessment

This vulnerability poses a serious risk to data security, allowing attackers to access confidential information in the database. It may lead to data loss, privacy breaches, and potential financial losses for the organization.

Recommendation

It is recommended to update the eXtroForms component to the latest version that addresses this vulnerability. Additionally, implementing further security measures such as monitoring and restricting access to critical application functions is advisable.

Original NVD description (English source)

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS