CVE-2015-8562 Joomla Remote Code Execution Vulnerability
Thursday, 17 December 2015 15:50

Joomla! Content Management System (CMS) is a free and open-source platform that users can build their websites with.

Browser information is not filtered properly while saving the session values into the database, which leads to a Remote Code Execution vulnerability.

Vendor Reported Date:
13th, Dec. 2015

CVE Numbers:

If the exploit is successful, the attacker can inject arbitrary serialized payloads into the session, which then allows the attacker to conduct remote code execution.

Systems Affected:
Joomla! CMS versions 1.5.0 through 3.4.5

All Joomla users are recommended to upgrade to version 3.4.6.
Joomla also provides security hotfixes for users of EOL versions 1.5.x and 2.5.x.

The official Joomla security notice can be found at the Joomla! Developer Network.

Further analysis by Marc-Alexandre Montpas is posted on the Sucuri Blog.
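
To check whether a site was probed before it was patched, access logs can be searched for serialized PHP objects in the browser information field. The following is an added example, not part of the Joomla advisory: it assumes the browser information is the User-Agent header, that logs are in Apache/nginx combined format, and the function name and sample log lines are constructed for illustration.

```python
import re

# Assumed input: Apache/nginx "combined" access log lines. Quotes inside a
# quoted field are logged escaped: \" by Apache, \x22 by nginx.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+ "(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"\s*$'
)

# Start of a PHP serialized object: O:<len>:"Class (C: for Serializable classes).
# No legitimate browser sends this in its User-Agent string.
SERIALIZED_OBJ = re.compile(r'[OC]:\d+:(?:\\?"|\\x22)')


def flag_serialized_user_agents(lines):
    """Return (line_number, client_ip, user_agent) for each suspicious entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        m = LOG_RE.match(line.rstrip("\n"))
        if m and SERIALIZED_OBJ.search(m.group("ua")):
            hits.append((number, m.group("ip"), m.group("ua")))
    return hits


# Constructed sample lines (documentation IP ranges, harmless empty object).
SAMPLE_LOG = [
    r'198.51.100.7 - - [14/Dec/2015:10:01:22 +0000] "GET / HTTP/1.1" 200 5120 '
    r'"-" "Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0"',
    r'203.0.113.9 - - [14/Dec/2015:10:02:40 +0000] "GET / HTTP/1.1" 200 5120 '
    r'"-" "probe O:8:\"stdClass\":0:{}"',
    r'198.51.100.8 - - [14/Dec/2015:10:03:05 +0000] "GET /index.php HTTP/1.1" '
    r'200 812 "-" "curl/7.43.0"',
    r'192.0.2.44 - - [14/Dec/2015:10:04:11 +0000] "GET / HTTP/1.1" 200 5120 '
    r'"-" "probe O:8:\x22stdClass\x22:0:{}"',
]

if __name__ == "__main__":
    for number, ip, ua in flag_serialized_user_agents(SAMPLE_LOG):
        print(f"line {number}: {ip} sent serialized data in User-Agent: {ua}")
```

A hit shows that a request carried serialized data, not that the site was compromised; on versions 1.5.0 through 3.4.5 it is a reason to inspect the stored session data and upgrade.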
