CVE-2018-7313 in CW Tags
Summary
by MITRE
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
Analysis
by VulDB Data Team • 06/08/2025
CVE-2018-7313 is a critical SQL injection flaw in the CW Tags 2.0.6 component, affecting Joomla!-based web applications where the CW Tags component is installed.
The vulnerability stems from inadequate input validation and parameter sanitization within the CW Tags component. When users submit search queries through the searchtext array parameter, the application fails to properly escape or validate the input before incorporating it into SQL queries. This creates a classic SQL injection scenario in which attackers can manipulate the underlying database queries by injecting malicious SQL payloads. The vulnerability manifests when the component processes array-based parameters without proper sanitization, allowing SQL commands to be executed with the privileges of the web application's database user. The flaw specifically impacts versions of the CW Tags component prior to 2.0.7 and affects Joomla! installations where this particular component is deployed.
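The flaw class described above, shown as an added example that is not CW Tags source code and not part of the original advisory: a search handler that pastes each element of an array parameter into the SQL text, beside a version that validates the array and binds every element. The `tags` table, the function names and the sample terms are assumptions, and an in-memory SQLite database (via PDO) stands in for the Joomla! database.

```php
<?php
// Added illustration only: not CW Tags source. The tags table, function names
// and sample terms are constructed for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tags (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO tags (title) VALUES ('joomla'), ('security'), ('o''reilly')");

// Flawed pattern: each array element is pasted into the SQL text.
function searchUnsafe(PDO $db, array $searchtext): array
{
    $parts = [];
    foreach ($searchtext as $term) {
        $parts[] = "title LIKE '%" . $term . "%'";
    }
    $sql = 'SELECT title FROM tags WHERE ' . implode(' OR ', $parts);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: validate the array's shape, then bind every element.
function searchSafe(PDO $db, $searchtext): array
{
    if (!is_array($searchtext) || $searchtext === [] || count($searchtext) > 10) {
        return [];
    }
    $parts = [];
    $binds = [];
    foreach ($searchtext as $term) {
        if (!is_string($term) || $term === '' || strlen($term) > 64) {
            return [];   // reject nested arrays, empty or oversized terms
        }
        // Escape LIKE wildcards so the term matches literally.
        $binds[] = '%' . addcslashes($term, '\\%_') . '%';
        $parts[] = "title LIKE ? ESCAPE '\\'";   // SQLite escape syntax
    }
    $stmt = $db->prepare('SELECT title FROM tags WHERE ' . implode(' OR ', $parts));
    $stmt->execute($binds);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$terms = ["o'reilly", 'secur'];   // constructed input; note the apostrophe
try {
    searchUnsafe($db, $terms);
} catch (PDOException $e) {
    echo "unsafe: a single apostrophe changed the query structure\n";
}
print_r(searchSafe($db, $terms));   // bound values cannot alter the statement
```

An ordinary apostrophe is enough to break the concatenated query, which is a quick way to confirm during code review or testing that a handler builds SQL from raw array elements.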
The operational impact of CVE-2018-7313 extends beyond simple data theft or modification. Attackers can leverage this vulnerability to extract sensitive information from the database, including user credentials, personal data, and system configuration details. The vulnerability also enables attackers to modify or delete database records, potentially leading to complete system compromise. Additionally, the attack can be used to escalate privileges within the database, allowing for further exploitation of the underlying system. Affected Joomla! installations face significant risk of data breaches, service disruption, and potential regulatory compliance violations.
Organizations should immediately update their Joomla! installations and ensure all third-party extensions are kept current with security patches.