VYPR
High severity · 8.2 · NVD Advisory · Published May 17, 2026 · Updated May 18, 2026

CVE-2018-25330

Description

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Joomla! extension EkRishta 2.10 contains persistent XSS via profile fields and SQL injection via the phone_no parameter, allowing attacker-supplied script to run in the browsers of users who view the profile and attacker-controlled manipulation of database queries.

Vulnerability

Details

The Joomla! extension EkRishta version 2.10 suffers from two distinct vulnerabilities: persistent cross-site scripting (XSS) and SQL injection. Both stem from untrusted input being used without the encoding appropriate to its destination. Profile fields such as Address are stored and later rendered without HTML output encoding, so any markup an attacker saves in the field is emitted as live HTML to every viewer of the profile. Separately, the phone_no parameter handled by the user_setting endpoint is spliced into the SQL statement without parameterization or escaping of SQL metacharacters, so a crafted value changes the structure of the query rather than only its data [1][2].

Exploitation

For the XSS vulnerability, an attacker registers a profile and stores a payload in the Address field that begins with "> to close the enclosing attribute and tag, followed by script markup. Because the value is persistent, it executes in the browser of any user who views the attacker's profile [1]. The SQL injection is triggered by sending a POST request to /index.php/profile/user_setting with a crafted phone_no value, together with the form's hidden task parameter set to save and the save submit button. The exploit description does not explicitly call for authentication, but the user_setting page most likely requires a valid session, so a practitioner should assume that a registered (low-privilege) account is the realistic precondition [1][2].
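To make the two flaws in the Details and Exploitation sections concrete, here is an added example in Python against an in-memory SQLite table. It is not the extension's code (EkRishta is a PHP/Joomla! extension); the `profiles` table and its columns, the parameter name `address`, and both payload strings are constructed for illustration. It shows the phone_no splice rewriting the UPDATE so that a different row is modified, and an Address value breaking out of an HTML attribute, each beside the parameterised or output-encoded form.

```python
import html
import sqlite3

# Constructed payloads for the demonstration (not taken from the advisory references).
# The SQL payload closes the phone_no literal, appends a second SET column and a
# new WHERE clause, then comments out the original WHERE with "--".
SQLI_PAYLOAD = "x', is_admin = 1 WHERE id = 2 -- "
# The XSS payload first closes the enclosing attribute and tag, as the reference
# payload on this page begins, then adds script markup.
XSS_PAYLOAD = '"><script>alert(document.cookie)</script>'


def make_db():
    """In-memory stand-in for the extension's profile table (schema is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE profiles ("
        "id INTEGER PRIMARY KEY, address TEXT, phone_no TEXT, "
        "is_admin INTEGER NOT NULL DEFAULT 0)"
    )
    conn.executemany(
        "INSERT INTO profiles (id, address, phone_no) VALUES (?, ?, ?)",
        [(1, "1 Main St", "555-0100"), (2, "2 Side St", "555-0200")],
    )
    return conn


def snapshot(conn):
    """All rows as (id, phone_no, is_admin), so the effect of each update is visible."""
    return conn.execute(
        "SELECT id, phone_no, is_admin FROM profiles ORDER BY id"
    ).fetchall()


def user_setting_vulnerable(conn, user_id, phone_no):
    """Mirrors the described user_setting flaw: phone_no is spliced into the SQL text.

    user_id stands in for the session's user; only phone_no is attacker-controlled.
    """
    sql = f"UPDATE profiles SET phone_no = '{phone_no}' WHERE id = {int(user_id)}"
    conn.execute(sql)
    return snapshot(conn)


def user_setting_fixed(conn, user_id, phone_no):
    """Parameterised form: the driver sends phone_no as data, never as SQL."""
    conn.execute(
        "UPDATE profiles SET phone_no = ? WHERE id = ?", (phone_no, int(user_id))
    )
    return snapshot(conn)


def render_address_vulnerable(address):
    """Profile field echoed verbatim into an attribute, as described for Address."""
    return f'<input name="address" value="{address}">'


def render_address_fixed(address):
    """Attribute-context output encoding; quote=True also encodes the double quote."""
    return f'<input name="address" value="{html.escape(address, quote=True)}">'


if __name__ == "__main__":
    # Attacker is user 1, yet the vulnerable path flips is_admin on user 2.
    print(user_setting_vulnerable(make_db(), 1, SQLI_PAYLOAD))
    # The fixed path stores the payload as an ordinary string on user 1.
    print(user_setting_fixed(make_db(), 1, SQLI_PAYLOAD))
    print(render_address_vulnerable(XSS_PAYLOAD))
    print(render_address_fixed(XSS_PAYLOAD))
```

In the extension's own PHP the equivalent repairs are to build the query with Joomla's database API using `$db->quote()` or bound parameters rather than string concatenation, and to pass every profile field through `htmlspecialchars()` (or Joomla's HTML escaping helpers) at the point where it is rendered, not only at input time.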

Impact

Successful XSS allows an attacker to execute arbitrary JavaScript in the context of a victim's session, potentially leading to session hijacking, defacement, or phishing. The SQL injection can manipulate database queries, enabling data extraction, modification, or deletion. Given the CVSS v3 score of 8.2 (High), the impact on confidentiality and integrity is significant [2].

Mitigation

As of the latest advisories, no official patch has been released for EkRishta 2.10. The extension is likely end-of-life or unsupported. Users are strongly advised to disable or remove the extension from their Joomla! installations to eliminate the risk [2].
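Because no patch exists, a site that cannot remove the extension immediately may want to watch for exploitation attempts against the endpoint and parameter named above while it arranges removal. The following Python is an added example, not from the page or the extension: the request records are constructed, the form parameter name `address` and the capture of POST bodies are assumptions (a plain web-server access log does not record request bodies; this needs a WAF or reverse-proxy audit log), and the phone_no allowlist is a suggested check rather than the extension's own validation.

```python
import re
from urllib.parse import parse_qs

# Constructed request records (method, path, form-encoded body); illustrative, not real traffic.
SAMPLE_REQUESTS = [
    ("POST", "/index.php/profile/user_setting", "phone_no=%2B1+555-0100&task=save&save=Save"),
    ("POST", "/index.php/profile/user_setting",
     "phone_no=x%27%2C+is_admin+%3D+1+WHERE+id+%3D+2+--+&task=save&save=Save"),
    ("POST", "/index.php/profile/edit",
     "address=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&task=save"),
    ("POST", "/index.php/profile/edit", "address=12+Rue+de+l%27Eglise&task=save"),
    ("GET", "/index.php/profile/user_setting", ""),
]

# A phone number should only ever contain digits, spaces and the punctuation below.
# Anything else (quotes, comment markers, commas, '=') is treated as an injection attempt.
# Allowlisting the expected shape avoids guessing at every SQL keyword an attacker might use.
PHONE_ALLOWLIST = re.compile(r"^[0-9 +().\-]*$")
# Markup that indicates an attempt to break out of the Address field into HTML or script.
HTML_META = re.compile(r"[<>]|javascript:|on\w+\s*=", re.I)


def classify(method, path, body):
    """Return a list of (finding, parameter, value) for one request record."""
    if method != "POST" or not path.startswith("/index.php/profile/"):
        return []
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    findings = []
    if path.endswith("/user_setting") and "phone_no" in params:
        phone = params["phone_no"]
        if not PHONE_ALLOWLIST.match(phone):
            findings.append(("sqli", "phone_no", phone))
    if "address" in params and HTML_META.search(params["address"]):
        findings.append(("xss", "address", params["address"]))
    return findings


def scan(records):
    """Classify every record; returns [(index, findings)] for records with findings."""
    out = []
    for i, rec in enumerate(records):
        findings = classify(*rec)
        if findings:
            out.append((i, findings))
    return out


if __name__ == "__main__":
    for index, findings in scan(SAMPLE_REQUESTS):
        print(index, findings)
```

The address check deliberately ignores a bare apostrophe (the fourth record) so that ordinary street names are not flagged; the phone_no check, by contrast, rejects any character outside the allowlist, which is the right posture for a field whose legitimate format is narrow.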

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

References: 4

News mentions: 2