CVE-2018-25380: Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters
Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.
Frequently Asked Questions
What is the severity of CVE-2018-25380?
The severity of CVE-2018-25380 is classified as high with a score of 7.1.
How do I fix CVE-2018-25380?
To fix CVE-2018-25380, update the eXtroForms component to a version that addresses this SQL injection vulnerability.
What kind of vulnerability is CVE-2018-25380?
CVE-2018-25380 is an SQL injection vulnerability affecting the eXtroForms component for Joomla.
Who is affected by CVE-2018-25380?
Joomla sites running the eXtroForms 2.1.5 component are affected by CVE-2018-25380. Exploitation requires an authenticated user who can submit POST requests to the extroformfield view.
What can attackers do with CVE-2018-25380?
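Attackers exploiting CVE-2018-25380 can execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters, which lets them extract sensitive database information and server data.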