Description
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.
Published: 2026-05-23
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in Joomla! Component Ek Rishta 2.10 and allows unauthenticated attackers to inject malicious SQL through the cid parameter of the user_detail view. Successful exploitation lets an attacker modify or read database contents, potentially exposing sensitive user data or site configuration. The flaw maps to CWE-89, indicating unsanitized input in SQL statements.

Affected Systems

Joomla! Component Ek Rishta version 2.10, developed by Harmistechnology, is installed on affected Joomla! sites.

Risk and Exploitability

The CVSS score of 8.8 demonstrates a high severity. While EPSS data is not available, the lack of a KEV listing suggests no known active exploitation yet, however the high CVSS and easy authentication bypass mean attackers could exploit this in a targeted or opportunistic manner. The injection can be triggered through a simple GET request, making it trivially exploitable over the public internet.

Generated by OpenCVE AI on May 23, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Ek Rishta to the latest version that removes the vulnerable user_detail view or patches the cid parameter sanitization.
  • If an immediate update is not possible, disable the component or block access to the user_detail URL via web server configuration or Joomla! ACL settings.
  • Remove the Ek Rishta component entirely if it is not required for site functionality.

Generated by OpenCVE AI on May 23, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.
Title Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail
First Time appeared Harmistechnology
Harmistechnology ek Rishta
Weaknesses CWE-89
CPEs cpe:2.3:a:harmistechnology:ek_rishta:2.10:*:*:*:*:joomla\!:*:*
Vendors & Products Harmistechnology
Harmistechnology ek Rishta
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Harmistechnology Ek Rishta
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-23T18:30:49.735Z

Reserved: 2026-05-23T15:31:00.574Z

Link: CVE-2018-25348

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-23T20:30:26Z

Weaknesses