Description

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

Remediation

References

CVE-2015-8562

Related Vulnerabilities

phpMyAdmin Cleartext Storage of Sensitive Information Vulnerability (CVE-2008-1567)

PleskWin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-24044)

WordPress Plugin WP GPX Maps 'wp-gpx-maps_admin_tracks.php' Arbitrary File Upload (1.1.22)

WordPress Plugin WP Support Plus Responsive Ticket System Security Bypass (7.1.4)

ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-4848)

Severity

High

Classification

CVE-2015-8562 CWE-20

Tags

Missing Update Known Vulnerabilities