Description

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.

Remediation

References

CVE-2015-7857

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2242)

PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4812)

WordPress Plugin xili-language Multiple Unspecified Vulnerabilities (2.17.0)

Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-0708)

Severity

High

Classification

CVE-2015-7857 CWE-138

Tags

Missing Update Known Vulnerabilities