Joomla User-Agent PHP object injection
Added: 12/17/2015CVE: CVE-2015-8562
BID: 79195
Background
Joomla is a content management system written in PHP.Problem
A vulnerability which occurs when Joomla saves browser session information could allow a remote, unauthenticated attacker to inject PHP objects via the User-Agent header, leading to arbitrary command execution.Resolution
Upgrade to Joomla 3.4.6 or higher.References
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.htmlhttps://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html
Limitations
Exploit works on Joomla 3.4.5 running on Linux.Platforms
LinuxBack to exploit index