📄 Description (English)
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.
🤖 AI Executive Summary
CVE-2018-25348 is a critical SQL injection vulnerability in Joomla! Component Ek Rishta 2.10 that allows unauthenticated attackers to execute arbitrary SQL queries through the cid parameter. This vulnerability enables complete database compromise including extraction of user credentials, personal information, and sensitive business data. With no patch available and no authentication required, this poses an immediate threat to any organization running this vulnerable component.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 26, 2026 18:32
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations using Joomla! with Ek Rishta component, particularly affecting: Government agencies and municipalities relying on Joomla-based portals for citizen services; Banking and financial institutions using this component for customer relationship management; Healthcare providers managing patient information through Joomla platforms; E-commerce and retail sectors storing customer data; Telecommunications companies with web-based customer portals. The lack of authentication requirement makes this especially dangerous for public-facing applications common in Saudi digital transformation initiatives.
🏢 Affected Saudi Sectors
Government
Banking
Healthcare
E-commerce
Telecommunications
Education
Energy
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all systems running Joomla! with Ek Rishta component version 2.10 or earlier
2. Disable or uninstall the vulnerable Ek Rishta component immediately if not critical to operations
3. Implement Web Application Firewall (WAF) rules to block SQL injection patterns in cid parameter
4. Review database access logs for suspicious SQL queries and unauthorized data access
COMPENSATING CONTROLS:
1. Restrict access to affected Joomla installations using IP whitelisting at network level
2. Implement input validation and parameterized queries at application level if component cannot be removed
3. Apply database-level restrictions limiting query scope and user permissions
4. Enable comprehensive logging and monitoring of all database queries
5. Isolate affected systems from production networks if remediation is delayed
DETECTION RULES:
1. Monitor for GET requests containing SQL keywords (UNION, SELECT, DROP, INSERT) in cid parameter
2. Alert on multiple failed SQL queries or unusual database activity from web application user
3. Track error messages containing SQL syntax errors in application logs
4. Monitor for encoded SQL injection attempts (hex, URL encoding) in cid parameter
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تعمل بـ Joomla! مع مكون Ek Rishta الإصدار 2.10 أو أقدم
2. تعطيل أو إلغاء تثبيت مكون Ek Rishta الضعيف فوراً إذا لم يكن حرجاً للعمليات
3. تطبيق قواعد جدار حماية تطبيقات الويب لحجب أنماط حقن SQL في معامل cid
4. مراجعة سجلات الوصول إلى قاعدة البيانات للاستعلامات المريبة والوصول غير المصرح
الضوابط البديلة:
1. تقييد الوصول إلى تثبيتات Joomla المتأثرة باستخدام قائمة بيضاء IP على مستوى الشبكة
2. تطبيق التحقق من صحة المدخلات والاستعلامات المعاملة على مستوى التطبيق
3. تطبيق قيود على مستوى قاعدة البيانات تحد من نطاق الاستعلام وأذونات المستخدم
4. تفعيل السجلات الشاملة ومراقبة جميع استعلامات قاعدة البيانات
5. عزل الأنظمة المتأثرة عن شبكات الإنتاج إذا تأخر العلاج
قواعد الكشف:
1. مراقبة طلبات GET التي تحتوي على كلمات SQL (UNION, SELECT, DROP, INSERT) في معامل cid
2. تنبيه عند استعلامات SQL متعددة فاشلة أو نشاط قاعدة بيانات غير عادي
3. تتبع رسائل الخطأ التي تحتوي على أخطاء بناء جملة SQL في سجلات التطبيق
4. مراقبة محاولات حقن SQL المشفرة في معامل cid
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.14.2.1 - Secure development policy and procedures
A.14.2.5 - Secure development environment
A.12.6.1 - Management of technical vulnerabilities
A.12.2.1 - Monitoring of system use
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.DS-6 - Data protection and privacy
DE.CM-1 - Detection and analysis of anomalies
RS.RP-1 - Response planning
🟡 ISO 27001:2022
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy
A.12.2.1 - User activity monitoring
A.13.1.3 - Segregation of networks
🟣 PCI DSS v4.0.1
6.2 - Security patches and updates
6.5.1 - Injection flaws prevention
10.2 - User activity logging
11.2 - Vulnerability scanning
🔗 References & Sources 4
🔗
🔗
🔗
🔗
https://extensions.joomla.org/extension/ek-rishta/
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/44869
disclosure@vulncheck.com
https://www.joomlaextensions.co.in/
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/joomla-component-ek-rishta-sql-injection-via-user-...
disclosure@vulncheck.com