7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.972 High
EPSS
Percentile
99.8%
Added: 12/17/2015
CVE: CVE-2015-8562
BID: 79195
Joomla is a content management system written in PHP.
A vulnerability which occurs when Joomla saves browser session information could allow a remote, unauthenticated attacker to inject PHP objects via the User-Agent header, leading to arbitrary command execution.
Upgrade to Joomla 3.4.6 or higher.
<https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html>
<https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html>
Exploit works on Joomla 3.4.5 running on Linux.
Linux