CVE-2025-32466 MEDIUM

CVE-2025-32466: Extension - rsjoomla.com - SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla

Vendor Rsjoomla.com
Product RSMediaGallery component for Joomla
Weakness CWE-89 · SQLi
Published June 11, 2025
Last update June 12, 2025

CVSS base score

6.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/RE:L/U:Clear

What the vulnerability does

01Description

A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.

Explanation of Vulnerability in Simple Terms

02Summary

RSMediaGallery for Joomla contains a SQL injection vulnerability in versions 1.7.4 through 2.1.7. An authenticated administrator with high privileges can inject malicious SQL code through the component's interface. This allows reading or modifying database contents. A patch version has not been publicly identified.

What an attacker can do

03Attacker Capabilities

Read or modify database contents via SQL injection.

Potential impact on your site

04Site Impact

An admin account compromise could expose or alter your Joomla database, including user credentials and site content.

Conditions required to exploit

05Prerequisites

Attacker must be logged in as a Joomla administrator and interact with the vulnerable component interface.

Key dates

06Disclosure timeline

June 11, 2025 CVE published
June 12, 2025 Record updated

Related vulnerabilities

08Related CVE