Description

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

Remediation

References

CVE-2015-8562

Related Vulnerabilities

WordPress Plugin Chat-Support Board-WordPress Chat Cross-Site Scripting (3.3.4)

Apache Traffic Server Other Vulnerability (CVE-2019-9513)

Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24899)

MySQL CVE-2019-2592 Vulnerability (CVE-2019-2592)

WordPress Plugin 10Web Social Feed for Instagram Multiple Cross-Site Scripting Vulnerabilities (1.3.0)

Severity

High

Classification

CVE-2015-8562 CWE-20

Tags

Missing Update Known Vulnerabilities