CVE-2018-12254
UnknownEPSS 2.62%
Last modified
CVE-2018-12254 is a vulnerability of currently unknown severity. router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.. EPSS estimates a 2.62% chance of exploitation in the next 30 days.
Description
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Harmistechnology | Ek Rishta | 2.10 |
References
- https://m4k4br0.github.io/sql-injection-joomla-component/Exploit, Third Party Advisory
- https://www.exploit-db.com/exploits/44893/Exploit, Third Party Advisory, VDB Entry
- https://m4k4br0.github.io/sql-injection-joomla-component/Exploit, Third Party Advisory
- https://www.exploit-db.com/exploits/44893/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-12254?
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.
How severe is CVE-2018-12254?
Severity scoring for CVE-2018-12254 is pending analysis. The EPSS model estimates a 2.62% probability of exploitation in the next 30 days.
How do I fix CVE-2018-12254?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2018-12254?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST