Описание
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-8562
- https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html
- https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
- https://www.exploit-db.com/exploits/38977
- https://www.exploit-db.com/exploits/39033
- http://packetstormsecurity.com/files/134949/Joomla-HTTP-Header-Unauthenticated-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/135100/Joomla-3.4.5-Object-Injection.html
- http://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce
- http://www.securityfocus.com/archive/1/537219/100/0/threaded
- http://www.securityfocus.com/bid/79195
Связанные уязвимости
nvd
около 10 лет назад
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.