Added: 12/17/2015
CVE: CVE-2015-8562
BID: 79195
Joomla is a content management system written in PHP.
A vulnerability which occurs when Joomla saves browser session information could allow a remote, unauthenticated attacker to inject PHP objects via the User-Agent header, leading to arbitrary command execution.
Upgrade to Joomla 3.4.6 or higher.
<https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html>
<https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html>
Exploit works on Joomla 3.4.5 running on Linux.
Linux