Description
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Remediation
References
Related Vulnerabilities
WordPress Plugin BuddyPress Security Bypass (2.3.4)
WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Vulnerabilities (1.5.7)
WordPress Plugin Church Admin Arbitrary File Upload (1.2530)
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-30044)
Oracle Database Server CVE-2014-4297 Vulnerability (CVE-2014-4297)