
Phoenixx

#19684 of 53,622
13.3 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2017-7260
6.5
2017-10-18
Open Source Matters · Joomla! · CVE-2015-7714
**Name of the Vulnerable Software and Affected Versions** com_rpl component versions prior to 8.9.5 for Joomla!

**Description** The issue allows remote administrators to execute arbitrary SQL commands. This can be achieved via various parameters in the administrator/index.php endpoint, including `id`, `copy_field` in a `data_copy` action, `pshow` in an `update_field` action, `css`, `tip`, `cat_id`, `text_search`, `plisting`, or `pwizard`.

**Recommendations** For com_rpl component versions prior to 8.9.5, update to version 8.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrator/index.php endpoint and limiting the use of the vulnerable parameters until the update is applied.
PT-2017-7261
6.8
2017-10-18
Joomla · Realtyna Rpl · CVE-2015-7715
**Name of the Vulnerable Software and Affected Versions** Realtyna RPL (com_rpl) component versions prior to 8.9.5 for Joomla!

**Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that add a user via an `add_user` action to "administrator/index.php".

**Recommendations** For versions prior to 8.9.5, update to version 8.9.5 or later to resolve the issue.