CVE Catalog

CVE-2018-25381

High
Published: Translated: NVD NIST

Summary

Joomla Responsive Portfolio version 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests.

Risk Assessment

This vulnerability could lead to the exposure of sensitive database information, including credentials and server details, posing a significant security risk to the organization.

Recommendation

It is recommended to update Joomla Responsive Portfolio to the latest version to mitigate this vulnerability and review application security to minimize the risk of SQL injection attacks.

Original NVD description (English source)

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS