What the vulnerability does
01Description
A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
Explanation of Vulnerability in Simple Terms
02Summary
RSMediaGallery for Joomla contains a SQL injection vulnerability in versions 1.7.4 through 2.1.7. An authenticated administrator with high privileges can inject malicious SQL code through the component's interface. This allows reading or modifying database contents. A patch version has not been publicly identified.
What an attacker can do
03Attacker Capabilities
Read or modify database contents via SQL injection.
Potential impact on your site
04Site Impact
An admin account compromise could expose or alter your Joomla database, including user credentials and site content.
Conditions required to exploit
05Prerequisites
Attacker must be logged in as a Joomla administrator and interact with the vulnerable component interface.
Key dates
06Disclosure timeline
June 11, 2025
CVE published
June 12, 2025
Record updated