Vulnerability Description
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomla | Joomla! | 1.5.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/134949/Joomla-HTTP-Header-Unauthenticated-R... (Exploit)
- http://packetstormsecurity.com/files/135100/Joomla-3.4.5-Object-Injection.html
- http://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce
- http://www.securityfocus.com/archive/1/537219/100/0/threaded
- http://www.securityfocus.com/bid/79195
- https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla... (Exploit)
- https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execu... (Vendor Advisory)
- https://www.exploit-db.com/exploits/38977/ (Exploit)
- https://www.exploit-db.com/exploits/39033/ (Exploit)
FAQ
What is CVE-2015-8562?
CVE-2015-8562 is a vulnerability with a CVSS score of 7.5 (HIGH). Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in Decem...
How severe is CVE-2015-8562?
CVE-2015-8562 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8562?
Check the references section above for vendor advisories and patch information. Affected products include: Joomla Joomla!.