Joomla! Component Ek Rishta SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the Joomla! component Ek Rishta version 2.10. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'cid' parameter. Attackers can send GET requests to the 'user_detail' view with malicious 'cid' values containing SQL commands, potentially leading to the extraction of sensitive database information.

Impact

Exploitation lets attackers inject SQL without authorization, manipulate database queries, and access sensitive information from the database.

Reproduction

To reproduce this vulnerability, send a GET request to the 'user_detail' view of the Ek Rishta component, including a 'cid' parameter with a crafted SQL payload. The injection can be verified by using a payload that, for example, delays the response, indicating successful exploitation.
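For defenders, the request pattern described above can be hunted in web server access logs. The following is an added example, not code from the advisory or from the Ek Rishta project. It assumes that legitimate 'cid' values are plain integers, that the log is in combined format with a trailing request time in seconds, and that a 3-second threshold marks a slow response; the function name, the threshold and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not taken from a real system).
# Assumed format: combined log with the request time in seconds as the last field.
SAMPLE_LOG = """\
198.51.100.7 - - [26/May/2026:21:01:10 +0000] "GET /index.php?view=user_detail&cid=42 HTTP/1.1" 200 5120 0.084
198.51.100.9 - - [26/May/2026:21:02:31 +0000] "GET /index.php?view=user_detail&cid=42%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 5120 5.091
203.0.113.4 - - [26/May/2026:21:03:02 +0000] "GET /index.php?view=profile&cid=abc HTTP/1.1" 200 900 0.051
203.0.113.4 - - [26/May/2026:21:03:40 +0000] "GET /index.php?view=user_detail&cid[]=1 HTTP/1.1" 500 310 0.020
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" (\d{3}) \S+ ([\d.]+)$')

def suspicious_cid_requests(log_text, slow_seconds=3.0):
    """Return (client_ip, timestamp, reasons) for suspect 'user_detail' requests."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, target, _status, rtime = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        # Only the view named in the advisory is in scope.
        if params.get("view") != ["user_detail"]:
            continue
        reasons = []
        for key, values in params.items():
            if key == "cid":
                # Assumption: a legitimate cid is a short decimal integer.
                if any(not re.fullmatch(r"\d{1,10}", v) for v in values):
                    reasons.append("non-integer cid")
            elif key.startswith("cid["):
                reasons.append("array-form cid")
        # The advisory notes that injection can show up as a delayed response.
        if reasons and float(rtime) >= slow_seconds:
            reasons.append("slow response")
        if reasons:
            findings.append((ip, ts, reasons))
    return findings
```

A hit with both "non-integer cid" and "slow response" matches the time-delay check described in the reproduction note and deserves priority review.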

Added: May 26, 2026, 9:17 PM
Updated: May 26, 2026, 9:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 9.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.