CVE-2015-8562 Joomla Remote Code Execution
Thursday, 17 December 2015 15:50

Description:
Joomla! is a free and open-source Content Management System (CMS) that lets users develop their websites.

Vulnerability:
Browser information is not filtered properly when session values are saved to the database, which leads to a Remote Code Execution vulnerability.

Vendor Reported Date:
13th, Dec. 2015

CVE Numbers:
CVE-2015-8562

Impact:
If the exploit is successful, the attacker can inject arbitrary serialized payloads into the session, which then allows the attacker to conduct remote code execution.

Systems Affected:
Joomla! CMS versions 1.5.0 through 3.4.5

Solution:
All Joomla users are advised to upgrade to version 3.4.6.
https://www.joomla.org/download.html
Joomla also provides security hotfixes for users of EOL versions 1.5.x and 2.5.x.
https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions

The official Joomla security notice can be found at the Joomla! Developer Network:
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html


Further analysis by Marc-Alexandre Montpas can be found on the Sucuri Blog:
https://blog.sucuri.net/2015/12/joomla-remote-code-execution-the-details.html
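
Added example (not part of the original alert or of Joomla's code): a log check for requests that carry a serialized PHP object in the browser information described under Vulnerability. It assumes that "browser information" means the User-Agent header and that the web server writes Apache/nginx combined-format access logs; the function name and the sample log lines are constructed for illustration.

```python
import re

# Apache/nginx "combined" access-log line. A double quote inside a header is
# logged escaped: \" by Apache, \x22 by nginx.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>(?:[^"\\]|\\.)*)" '
    r'\d{3} \S+ "(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"'
)

QUOTE = r'(?:\\?"|\\x22)'
# PHP serialized-object token, e.g. O:8:"stdClass":0:{  (C: is the
# Serializable variant). This is not something a normal User-Agent contains.
SERIALIZED_OBJECT = re.compile(
    r'[OC]:\d+:' + QUOTE + r'[\w\\]+' + QUOTE + r':\d+:\{'
)

def flag_serialized_user_agents(lines):
    """Return (ip, timestamp, request) for each request whose User-Agent
    contains a PHP serialized-object token (assumed indicator, see lead-in)."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and SERIALIZED_OBJECT.search(m.group("ua")):
            hits.append((m.group("ip"), m.group("ts"), m.group("req")))
    return hits

# Constructed sample log lines (documentation IP ranges, inert stdClass token).
SAMPLE = [
    r'192.0.2.10 - - [17/Dec/2015:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    r'198.51.100.7 - - [17/Dec/2015:10:01:09 +0000] "GET / HTTP/1.1" 200 5123 "-" "x O:8:\"stdClass\":0:{}"',
    r'203.0.113.4 - - [17/Dec/2015:10:02:30 +0000] "GET / HTTP/1.1" 200 5123 "-" "x O:8:\x22stdClass\x22:0:{}"',
    r'192.0.2.11 - - [17/Dec/2015:10:03:00 +0000] "GET /?q=O:8 HTTP/1.1" 200 5123 "-" "curl/7.43.0"',
]

if __name__ == "__main__":
    for ip, ts, req in flag_serialized_user_agents(SAMPLE):
        print(f"{ts} {ip} {req!r}: serialized object in User-Agent")
```

A hit shows that a request carried a serialized object, not that the site was compromised; sites on an affected version still need the upgrade or hotfix listed under Solution.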

 