CVE-2025-27753 – Joomla RSMediaGallery SQL Injection

June 5, 2025

CVE ID : CVE-2025-27753

Published : June 5, 2025, 2:15 p.m. | 53 minutes ago

Description : A SQLi vulnerability in RSMediaGallery component 1.7.4 – 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-27754 – Joomla RSBlog! Stored Cross-Site Scripting (XSS) Vulnerability

Next Article CVE-2025-27445 – RSFirewall Joomla Path Traversal Vulnerability

Highlights

CVE-2025-5474 – 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability

June 6, 2025

CVE ID : CVE-2025-5474

Published : June 6, 2025, 7:15 p.m. | 33 minutes ago

Description : 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is also required.

The specific flaw exists within the Mirror functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26962.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-27753 – Joomla RSMediaGallery SQL Injection

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

CVE-2025-43857 – Net::IMAP Denial of Service Memory Exhaustion Vulnerability

CVE-2025-7942 – A vulnerability has been found in PHPGurukul Taxi

AI in Manufacturing: Unlocking Efficiency with Predictive Maintenance & Automation🏭

Researchers from Fudan University Introduce Lorsa: A Sparse Attention Mechanism That Recovers Atomic Attention Units Hidden in Transformer Superposition

CVE-2025-5474 – 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability

An NFL team just used Minecraft to announce its 2025-26 football schedule, because why not?

Everything I know about good system design

hasnayeen/themes

CVE-2025-27753 – Joomla RSMediaGallery SQL Injection

Related Posts