CVE-2015-7714

Name of the Vulnerable Software and Affected Versions com rpl component versions prior to 8.9.5 for Joomla!

Description The issue allows remote administrators to execute arbitrary SQL commands. This can be achieved via various parameters in the administrator/index.php endpoint, including id, copy field in a data copy action, pshow in an update field action, css, tip, cat id, text search, plisting, or pwizard.

Recommendations For com rpl component versions prior to 8.9.5, update to version 8.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrator/index.php endpoint and limiting the use of the vulnerable parameters until the update is applied.