We have been informed about a vulnerability in the code of JoomGallery 3.x for a so-called SQL injection.
Through this vulnerability, users logged into the backend can read unauthorised information from the database.
According to our assessment, this is a vulnerability with the severity level "medium".
We are not aware of any successful attacks so far.
Version 3.6.2 closes this gap.
As always, we recommend that you update as soon as possible.
We thank cyllective AG for reporting this problem.