CVE-2018-25381

Sažetak

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details.

Reference

https://extensions.joomla.org/extension/rpc-responsive-portfolio/
https://extro.media/
https://www.exploit-db.com/exploits/45491
https://www.vulncheck.com/advisories/joomla-responsive-portfolio-sql-injection-via-filter-parameters

CVSS

Base:	7.1
Impact:	4.2
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

26-05-2026 - 19:47

Objavljeno

25-05-2026 - 15:16