RSMediaGallery! SQL Injection Vulnerability in Joomla

Vulnerability

A SQL injection vulnerability has been identified in the RSMediaGallery! component for Joomla, specifically in versions 1.7.4 to 2.1.7. The vulnerability arises within the dashboard component, where user input is not adequately sanitized before being stored and displayed. This lack of proper input validation allows attackers to inject malicious JavaScript into text fields or other input areas. The injected script is then executed in the browser of any user who interacts with the compromised text in the dashboard.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to manipulate database queries and potentially execute arbitrary SQL commands. Additionally, the vulnerability allows for cross-site scripting (XSS) attacks, where injected JavaScript is executed in the context of the user's browser.

Remediation

Users can update to RSMediaGallery! version 2.1.8, which addresses this vulnerability by properly escaping backend AJAX request parameters.
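
A triage check for the version range stated above, as an added example that is not part of the original advisory or the vendor's code: it reads the <version> element of a Joomla extension manifest and classifies it against 1.7.4 to 2.1.7 (affected) and 2.1.8 (fixed). The function names and the sample manifests are constructed for illustration; locating the component's manifest on disk is left to the reader.

```python
import re
import xml.etree.ElementTree as ET

# Range stated in the advisory: 1.7.4 to 2.1.7 affected, 2.1.8 fixed.
AFFECTED_MIN = (1, 7, 4)
AFFECTED_MAX = (2, 1, 7)
FIXED = (2, 1, 8)


def parse_version(text):
    """Turn '2.1.10' into (2, 1, 10) so comparison is numeric, not lexical."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text or "")
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def manifest_version(manifest_xml):
    """Read the top-level <version> element of an extension manifest."""
    root = ET.fromstring(manifest_xml)
    node = root.find("version")
    if node is None or not (node.text or "").strip():
        raise ValueError("manifest has no <version> element")
    return parse_version(node.text)


def classify(manifest_xml):
    """Return 'affected', 'fixed' or 'outside-range' for one manifest."""
    version = manifest_version(manifest_xml)
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    if version >= FIXED:
        return "fixed"
    return "outside-range"  # older than 1.7.4: the advisory makes no claim


def sample_manifest(version):
    """Constructed manifest text, not copied from a real installation."""
    return (
        "<extension type='component'><name>RSMediaGallery!</name>"
        f"<version>{version}</version></extension>"
    )


if __name__ == "__main__":
    # As strings, '2.1.10' sorts below '2.1.8'; as tuples it is correctly newer.
    for v in ("1.7.3", "1.7.4", "2.1.7", "2.1.8", "2.1.10"):
        print(v, classify(sample_manifest(v)))
```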

Added: Jun 11, 2025, 8:16 PM
Updated: Jun 11, 2025, 8:16 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 4.5
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 0.0
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.