Description

The Joomla security team have released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. Browser information is not filtered properly while saving the session values into the database which leads to a remote code execution vulnerability.

Remediation

Upgrade to Joomla! CMS version 3.4.6. If you are using the old (unsupported) versions 1.5.x and 2.5.x, you have to apply the hotfixes listed in the Web references section.

References

Security hotfixes for Joomla EOL versions

[20151201] - Core - Remote Code Execution Vulnerability

Critical 0-day Remote Command Execution Vulnerability in Joomla

Related Vulnerabilities

AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758)

vBulletin PHP object injection vulnerability

Bash code injection vulnerability

WordPress Plugin Gutenberg Block Editor Toolkit-EditorsKit Remote Code Execution (1.31.5)

WordPress Plugin open-flash-chart-core Remote Code Execution (0.4)

Severity

High

Classification

CVE-2015-8562 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution