Description
The Joomla! security team has released a new version of Joomla! to patch a critical remote code execution vulnerability (Joomla! security advisory [20151201], CVE-2015-8562) that affects all versions from 1.5.0 through 3.4.5. Browser information taken from the request (the User-Agent and X-Forwarded-For headers) is not filtered properly while the session values are saved to the database. Because the session data is PHP-serialized on save and unserialized again when the session is loaded, an unauthenticated attacker who places a crafted serialized PHP object in those headers gets it deserialized by the application, which leads to remote code execution.
Remediation
Upgrade to Joomla! CMS version 3.4.6 or later. The 1.5.x and 2.5.x branches are end of life and do not receive a new release; if you still run them, apply the hotfixes listed in the References section. Because the payload is delivered in request headers and stored in the session table, entries may already exist from attempts made before the fix was applied: after patching, review the web server logs and the session table for serialized PHP objects in browser-header fields, and purge suspicious sessions.
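The two checks a practitioner wants after reading the description and remediation above, as an added example that is not part of the advisory or of the Joomla! code base: a log scan for the attack indicator (a PHP serialized object carried in the browser User-Agent field, plus the weaker indicator of an escaped 4-byte UTF-8 sequence) and a version-range test for the affected releases. It assumes the web server writes the Apache/nginx "combined" log format with the User-Agent as the last quoted field; the log lines are constructed for the example and are not real traffic.

```python
import re
from typing import Dict, List, Tuple

# Apache/nginx "combined" log format: the last quoted field is the User-Agent.
# The UA is matched greedily (.*) so quotes escaped by the server as \" survive.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>.*)"$'
)

# A PHP serialized object starts with O:<len>:"<class>":<count>:{ ...
# Quotes may appear raw or escaped (\") depending on how the log was written.
PHP_OBJECT_RE = re.compile(r'O:\d+:\\?"[A-Za-z_\\][A-Za-z0-9_\\]*\\?":\d+:\{')

# A 4-byte UTF-8 sequence (lead byte F0..F4 plus three continuation bytes) in the
# escaped \xHH form Apache uses for non-printable bytes. On its own this is only a
# weak indicator; legitimate clients rarely send such characters in a User-Agent.
ESCAPED_4BYTE_UTF8_RE = re.compile(r'\\x[fF][0-4](?:\\x[89abAB][0-9a-fA-F]){3}')

# Constructed sample log lines (not real traffic): a normal browser, a UA carrying a
# serialized PHP object, and a UA carrying an escaped 4-byte UTF-8 character.
SAMPLE_LOG = r'''
203.0.113.5 - - [13/Dec/2015:10:11:12 +0000] "GET / HTTP/1.1" 200 4123 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/42.0"
198.51.100.7 - - [13/Dec/2015:10:11:13 +0000] "GET /index.php HTTP/1.1" 200 4123 "-" "O:8:\"stdClass\":1:{s:1:\"x\";s:4:\"test\";}"
198.51.100.9 - - [13/Dec/2015:10:11:14 +0000] "GET /index.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0 \xf0\x9d\x8c\x86 Probe"
'''


def classify_header_value(value: str) -> List[str]:
    """Return the indicator names that fire for one header value.

    Works for any browser-derived header the application stores in the session
    (User-Agent, X-Forwarded-For), whether the value comes from a log line in
    escaped form or from a raw decoded request.
    """
    indicators = []
    if PHP_OBJECT_RE.search(value):
        indicators.append("php_serialized_object")
    if ESCAPED_4BYTE_UTF8_RE.search(value) or any(ord(c) > 0xFFFF for c in value):
        indicators.append("4byte_utf8")
    return indicators


def scan_combined_log(text: str) -> List[Dict[str, str]]:
    """Parse combined-format lines and report those whose User-Agent looks hostile."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = COMBINED_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess the field layout
        found = classify_header_value(m.group("ua"))
        if found:
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "indicators": ",".join(found),
                "ua": m.group("ua"),
            })
    return hits


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '3.4.5', '2.5', or '3.4.6-rc1' into a comparable (major, minor, patch) tuple."""
    parts: List[int] = []
    for piece in version.strip().split(".")[:3]:
        num = re.match(r"\d+", piece)
        if not num:
            break
        parts.append(int(num.group()))
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def version_is_affected(version: str) -> bool:
    """True for a release in the affected range 1.5.0 .. 3.4.5 (inclusive).

    Caveat: a 1.5.x or 2.5.x install with the EOL hotfix applied still reports its
    old version string, so True on those branches means 'verify the hotfix is in
    place', not 'vulnerable'.
    """
    return (1, 5, 0) <= parse_version(version) <= (3, 4, 5)


if __name__ == "__main__":
    for hit in scan_combined_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} [{hit['indicators']}] {hit['ua']}")
    for v in ("1.5.26", "2.5.28", "3.4.5", "3.4.6"):
        print(v, "affected" if version_is_affected(v) else "not affected")
```

The scanner keys on the User-Agent column because that is what the combined format records; if the log format also captures X-Forwarded-For, feed that column through classify_header_value as well, since the application stores both.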
References
Security hotfixes for Joomla EOL versions
[20151201] - Core - Remote Code Execution Vulnerability
Critical 0-day Remote Command Execution Vulnerability in Joomla
Related Vulnerabilities
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)
Text4shell: Apache Commons Text RCE via insecure interpolation
WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-26477)