CVE-2015-8562 Joomla Remote Code Execution
Thursday, 17 December 2015 15:50

Joomla! Content Management System (CMS) is free and open-source software that users build their websites with.

Browser information is not filtered properly when session values are saved to the database, which leads to a Remote Code Execution vulnerability.

Vendor Reported Date:
13th, Dec. 2015

CVE Numbers:

If the exploit is successful, the attacker can inject arbitrary serialized payloads into the session, which then allows the attacker to conduct remote code execution.

Systems Affected:
Joomla! CMS versions 1.5.0 through 3.4.5

All Joomla users are advised to upgrade to version 3.4.6.
Joomla also provides security hotfixes for users of EOL versions 1.5.x and 2.5.x.
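
Because the flaw is reached through unfiltered browser information, a review of web server access logs for serialized PHP data in that field is a useful check alongside the upgrade. The following is an added example, not code from Joomla or from this advisory; it assumes the browser information is the User-Agent header, that logs use the Apache/nginx Combined Log Format, and all names and sample log lines are constructed for illustration.

```python
import re

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
# Quoted fields may contain backslash-escaped quotes, as Apache writes them.
QUOTED = r'(?:[^"\\]|\\.)*'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "' + QUOTED + r'" '
    r'\d{3} \S+ "' + QUOTED + r'" "(?P<agent>' + QUOTED + r')"$'
)

# Tokens of PHP's serialize() format: object/custom object (O:/C:), array (a:),
# string (s:). The optional backslash covers quotes escaped by the log writer.
SERIALIZED_RE = re.compile(r'(?:[OC]:\d+:\\?"|a:\d+:\{|s:\d+:\\?")')


def suspicious_requests(lines):
    """Return (ip, time, agent) for entries whose User-Agent holds serialized PHP data."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # not Combined Log Format; skip rather than guess at fields
        agent = m.group("agent")
        if SERIALIZED_RE.search(agent):
            hits.append((m.group("ip"), m.group("time"), agent))
    return hits


# Constructed sample entries (documentation IP ranges, harmless values).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Dec/2015:09:12:01 +0000] "GET /index.php HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/42.0"',
    '198.51.100.7 - - [14/Dec/2015:09:13:44 +0000] "GET / HTTP/1.1" '
    '200 5120 "-" "probe O:8:\\"stdClass\\":0:{}"',
    '203.0.113.5 - - [14/Dec/2015:09:15:02 +0000] "GET / HTTP/1.1" '
    '200 5120 "-" "test a:1:{i:0;i:1;}"',
]

if __name__ == "__main__":
    for ip, when, agent in suspicious_requests(SAMPLE_LOG):
        print(f"{when}  {ip}  {agent}")
```

A hit shows that serialized data was sent in the header, not that the site was compromised; sites running an affected version should treat hits as a reason to inspect the sessions table and the file system.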

The official Joomla security notice can be found at the Joomla! Developer Network.

Further analysis by Marc-Alexandre Montpas is posted on the Sucuri Blog.