CVE-2015-7858

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:joomla:joomla\!:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.4.3:*:*:*:*:*:*:*

History

21 Nov 2024, 02:37

Type Values Removed Values Added
References () http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html - () http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html -
References () http://packetstormsecurity.com/files/134097/Joomla-3.44-SQL-Injection.html - () http://packetstormsecurity.com/files/134097/Joomla-3.44-SQL-Injection.html -
References () http://packetstormsecurity.com/files/134494/Joomla-Content-History-SQL-Injection-Remote-Code-Execution.html - () http://packetstormsecurity.com/files/134494/Joomla-Content-History-SQL-Injection-Remote-Code-Execution.html -
References () http://www.rapid7.com/db/modules/exploit/unix/webapp/joomla_contenthistory_sqli_rce - () http://www.rapid7.com/db/modules/exploit/unix/webapp/joomla_contenthistory_sqli_rce -
References () http://www.securityfocus.com/bid/77295 - () http://www.securityfocus.com/bid/77295 -
References () http://www.securitytracker.com/id/1033950 - () http://www.securitytracker.com/id/1033950 -
References () https://www.exploit-db.com/exploits/38797/ - () https://www.exploit-db.com/exploits/38797/ -
References () https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/ - Exploit () https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/ - Exploit

Information

Published : 2015-10-29 20:59

Updated : 2024-11-21 02:37


NVD link : CVE-2015-7858

Mitre link : CVE-2015-7858

CVE.ORG link : CVE-2015-7858


JSON object : View

Products Affected

joomla

  • joomla\!
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')