A SQL injection vulnerability in the Joomla! component EkRishta 2.10 allows unauthenticated attackers to execute arbitrary SQL queries via the username parameter on the login endpoint. The vulnerability is error-based, enabling database information extraction including user credentials and system details through crafted POST requests.
CVE-2018-25348 documents an unauthenticated SQL injection vulnerability in the Joomla! component Ek Rishta version 2.10. The flaw resides in the user_detail view, where the cid parameter fails to properly sanitize user-supplied input before incorporation into database queries. Attackers can exploit this weakness via crafted GET requests to extract sensitive information from the underlying database. The vu [truncated]
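The input handling both descriptions above call for (a bound `username` on the login path, a validated and bound `cid` on the `user_detail` path, and no database error text returned to the client), shown beside the concatenated form. This is an added example, not code from the component or from the original page; it uses Python with an in-memory SQLite database as a stand-in, and the table, column and function names are assumptions.

```python
import sqlite3

class BadRequest(Exception):
    """Validation or query failure; carries no database detail."""

def make_db():
    # Constructed stand-in table; the component's real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, username TEXT, city TEXT)")
    db.executemany("INSERT INTO profiles VALUES (?, ?, ?)",
                   [(1, "asha", "Pune"), (2, "ravi", "Delhi")])
    return db

def concat_query_error(db, raw_cid):
    """'Before' form: value concatenated into SQL. Returns the DB error text, if any,
    which is what an error-based leak depends on being shown to the client."""
    try:
        db.execute("SELECT id FROM profiles WHERE id = " + raw_cid).fetchall()
        return None
    except sqlite3.Error as exc:
        return str(exc)

def parse_cid(raw):
    # cid names a record id: ASCII digits only, bounded length.
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 10):
        raise BadRequest("invalid cid")
    return int(raw)

def run(db, sql, params):
    # Bound parameters keep input as data; driver errors never reach the response.
    try:
        return db.execute(sql, params).fetchone()
    except sqlite3.Error:
        raise BadRequest("request failed") from None

def user_detail(db, raw_cid):
    return run(db, "SELECT id, username, city FROM profiles WHERE id = ?", (parse_cid(raw_cid),))

def find_login_user(db, username):
    return run(db, "SELECT id, username FROM profiles WHERE username = ?", (username,))

if __name__ == "__main__":
    db = make_db()
    print(user_detail(db, "2"), find_login_user(db, "asha' --"))
    print(concat_query_error(db, "1'"))
```

In the hardened paths a stray quote in `cid` is rejected before any query runs, and one in `username` is matched literally, so neither changes the statement's structure.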