CVE-2018-25381 documents an SQL injection vulnerability in Joomla Responsive Portfolio version 1.6.1. The flaw exists in multiple filter parameters—specifically filter_type_id, filter_pid_id, and filter_search—where authenticated attackers can inject arbitrary SQL commands through POST requests. Successful exploitation enables extraction of sensitive database contents including credentials and server conf [truncated]
CVE-2018-25380 documents an authenticated SQL injection vulnerability in eXtroForms 2.1.5, a Joomla! component. The vulnerability resides in the extroformfield view, which fails to properly sanitize user input from the filter_type_id, filter_pid_id, and filter_search parameters before incorporating it into SQL queries. An attacker with valid credentials can submit crafted POST requests containing malicious SQL [truncated]