What the vulnerability does
01Description
Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.
Explanation of Vulnerability in Simple Terms
02Summary
RSform!Pro for Joomla contains a code injection vulnerability in versions 3.0.0 through 3.3.14. An authenticated administrator can inject and execute arbitrary PHP code on the site. This requires high-level admin access but allows complete site compromise once exploited.
What an attacker can do
03Attacker Capabilities
Run arbitrary PHP code on the site with full server privileges.
Potential impact on your site
04Site Impact
A compromised admin account can execute malicious code, steal data, modify content, or take the site offline.
Conditions required to exploit
05Prerequisites
Attacker must have administrator-level access to the Joomla site.
Key dates
06Disclosure timeline
June 11, 2025
CVE published
June 12, 2025
Record updated