CVE-2018-25380

Name of the Vulnerable Software and Affected Versions eXtroForms version 2.1.5

Description An SQL injection allows authenticated attackers to execute arbitrary SQL commands. This is achieved by submitting POST requests to the 'extroformfield' view using malicious payloads in the filter type id, filter pid id, and filter search parameters to extract sensitive database and server information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.