CVE-2025-27753

{"id": "CVE-2025-27753", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-06-05T14:15:31.550", "references": [{"url": "https://rsjoomla.com/", "source": "security@joomla.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@joomla.org", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad SQLi en el componente RSMediaGallery 1.7.4 - 2.1.6 para Joomla. Esta vulnerabilidad se debe al uso de par\u00e1metros proporcionados por el usuario sin escape en las consultas SQL dentro del componente del panel de control. Esto permite a un atacante autenticado inyectar c\u00f3digo SQL malicioso a trav\u00e9s de campos de entrada no depurados, que se utilizan directamente en las consultas SQL. Explotar esta vulnerabilidad puede provocar acceso no autorizado a la base de datos, fuga de datos o modificaci\u00f3n de registros."}], "lastModified": "2025-06-17T21:15:37.440", "sourceIdentifier": "security@joomla.org"}