CVE-2025-27753

Published Jun 5, 2025

Last updated a month ago

Overview

Description
A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records.
Source
security@joomla.org
NVD status
Received

Weaknesses

security@joomla.org
CWE-89

Social media

Hype score
Not currently trending

  1. CVE-2025-27753 A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in… https://t.co/aJgaoJSqXw

    @CVEnew

    5 Jun 2025

    282 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.