SECUNIA ADVISORY ID:
Customer Area (Credentials Required)
Two vulnerabilities have been reported in the RSGallery2 component
for Joomla!, which can be exploited by malicious users to conduct
script insertions attacks and by malicious people to conduct SQL
1) Certain unspecified input is not properly sanitised before being
used in SQL queries. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
2) Certain unspecified input is not properly sanitised before being
used. This can be exploited to insert arbitrary HTML and script code,
which will be executed in a user's browser session in context of an
affected site when the malicious data is being viewed.
The vulnerability are reported in versions prior to 3.2.0.
Update to version 3.2.0.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Stergios Kolios.