CVE-2018-25381
HighSummary
Joomla Responsive Portfolio version 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests.
Risk Assessment
This vulnerability could lead to the exposure of sensitive database information, including credentials and server details, posing a significant security risk to the organization.
Recommendation
It is recommended to update Joomla Responsive Portfolio to the latest version to mitigate this vulnerability and review application security to minimize the risk of SQL injection attacks.
Original NVD description (English source)
Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details.

