CVE-2015-8562 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2015-8562

Deferred

More Info Official Page

Source-cve@mitre.org

Published At-16 Dec, 2015 | 21:59

Updated At-12 Apr, 2025 | 10:46

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

>>joomla\!>>1.5.0

cpe:2.3:a:joomla:joomla\!:1.5.0:*:*:*:*:*:*:*

>>joomla\!>>1.5.1

cpe:2.3:a:joomla:joomla\!:1.5.1:*:*:*:*:*:*:*

>>joomla\!>>1.5.2

cpe:2.3:a:joomla:joomla\!:1.5.2:*:*:*:*:*:*:*

>>joomla\!>>1.5.3

cpe:2.3:a:joomla:joomla\!:1.5.3:*:*:*:*:*:*:*

>>joomla\!>>1.5.4

cpe:2.3:a:joomla:joomla\!:1.5.4:*:*:*:*:*:*:*

>>joomla\!>>1.5.6

cpe:2.3:a:joomla:joomla\!:1.5.6:*:*:*:*:*:*:*

>>joomla\!>>1.5.7

cpe:2.3:a:joomla:joomla\!:1.5.7:*:*:*:*:*:*:*

>>joomla\!>>1.5.8

cpe:2.3:a:joomla:joomla\!:1.5.8:*:*:*:*:*:*:*

>>joomla\!>>1.5.9

cpe:2.3:a:joomla:joomla\!:1.5.9:*:*:*:*:*:*:*

>>joomla\!>>1.5.10

cpe:2.3:a:joomla:joomla\!:1.5.10:*:*:*:*:*:*:*

>>joomla\!>>1.5.11

cpe:2.3:a:joomla:joomla\!:1.5.11:*:*:*:*:*:*:*

>>joomla\!>>1.5.12

cpe:2.3:a:joomla:joomla\!:1.5.12:*:*:*:*:*:*:*

>>joomla\!>>1.5.13

cpe:2.3:a:joomla:joomla\!:1.5.13:*:*:*:*:*:*:*

>>joomla\!>>1.5.14

cpe:2.3:a:joomla:joomla\!:1.5.14:*:*:*:*:*:*:*

>>joomla\!>>1.5.15

cpe:2.3:a:joomla:joomla\!:1.5.15:*:*:*:*:*:*:*

>>joomla\!>>1.5.16

cpe:2.3:a:joomla:joomla\!:1.5.16:*:*:*:*:*:*:*

>>joomla\!>>1.5.17

cpe:2.3:a:joomla:joomla\!:1.5.17:*:*:*:*:*:*:*

>>joomla\!>>1.5.18

cpe:2.3:a:joomla:joomla\!:1.5.18:*:*:*:*:*:*:*

>>joomla\!>>1.5.19

cpe:2.3:a:joomla:joomla\!:1.5.19:*:*:*:*:*:*:*

>>joomla\!>>1.5.20

cpe:2.3:a:joomla:joomla\!:1.5.20:*:*:*:*:*:*:*

>>joomla\!>>1.5.21

cpe:2.3:a:joomla:joomla\!:1.5.21:*:*:*:*:*:*:*

>>joomla\!>>1.5.22

cpe:2.3:a:joomla:joomla\!:1.5.22:*:*:*:*:*:*:*

>>joomla\!>>1.5.23

cpe:2.3:a:joomla:joomla\!:1.5.23:*:*:*:*:*:*:*

>>joomla\!>>1.5.24

cpe:2.3:a:joomla:joomla\!:1.5.24:*:*:*:*:*:*:*

>>joomla\!>>1.5.25

cpe:2.3:a:joomla:joomla\!:1.5.25:*:*:*:*:*:*:*

>>joomla\!>>1.5.26

cpe:2.3:a:joomla:joomla\!:1.5.26:*:*:*:*:*:*:*

>>joomla\!>>1.6.0

cpe:2.3:a:joomla:joomla\!:1.6.0:*:*:*:*:*:*:*

>>joomla\!>>1.6.1

cpe:2.3:a:joomla:joomla\!:1.6.1:*:*:*:*:*:*:*

>>joomla\!>>1.6.2

cpe:2.3:a:joomla:joomla\!:1.6.2:*:*:*:*:*:*:*

>>joomla\!>>1.6.3

cpe:2.3:a:joomla:joomla\!:1.6.3:*:*:*:*:*:*:*

>>joomla\!>>1.6.4

cpe:2.3:a:joomla:joomla\!:1.6.4:*:*:*:*:*:*:*

>>joomla\!>>1.6.5

cpe:2.3:a:joomla:joomla\!:1.6.5:*:*:*:*:*:*:*

>>joomla\!>>1.6.6

cpe:2.3:a:joomla:joomla\!:1.6.6:*:*:*:*:*:*:*

>>joomla\!>>1.7.0

cpe:2.3:a:joomla:joomla\!:1.7.0:*:*:*:*:*:*:*

>>joomla\!>>1.7.1

cpe:2.3:a:joomla:joomla\!:1.7.1:*:*:*:*:*:*:*

>>joomla\!>>1.7.2

cpe:2.3:a:joomla:joomla\!:1.7.2:*:*:*:*:*:*:*

>>joomla\!>>1.7.3

cpe:2.3:a:joomla:joomla\!:1.7.3:*:*:*:*:*:*:*

>>joomla\!>>1.7.4

cpe:2.3:a:joomla:joomla\!:1.7.4:*:*:*:*:*:*:*

>>joomla\!>>1.7.5

cpe:2.3:a:joomla:joomla\!:1.7.5:*:*:*:*:*:*:*

>>joomla\!>>2.5.0

cpe:2.3:a:joomla:joomla\!:2.5.0:*:*:*:*:*:*:*

>>joomla\!>>2.5.1

cpe:2.3:a:joomla:joomla\!:2.5.1:*:*:*:*:*:*:*

>>joomla\!>>2.5.2

cpe:2.3:a:joomla:joomla\!:2.5.2:*:*:*:*:*:*:*

>>joomla\!>>2.5.3

cpe:2.3:a:joomla:joomla\!:2.5.3:*:*:*:*:*:*:*

>>joomla\!>>2.5.4

cpe:2.3:a:joomla:joomla\!:2.5.4:*:*:*:*:*:*:*

>>joomla\!>>2.5.5

cpe:2.3:a:joomla:joomla\!:2.5.5:*:*:*:*:*:*:*

>>joomla\!>>2.5.6

cpe:2.3:a:joomla:joomla\!:2.5.6:*:*:*:*:*:*:*

>>joomla\!>>2.5.7

cpe:2.3:a:joomla:joomla\!:2.5.7:*:*:*:*:*:*:*

>>joomla\!>>2.5.8

cpe:2.3:a:joomla:joomla\!:2.5.8:*:*:*:*:*:*:*

>>joomla\!>>2.5.9

cpe:2.3:a:joomla:joomla\!:2.5.9:*:*:*:*:*:*:*

>>joomla\!>>2.5.10

cpe:2.3:a:joomla:joomla\!:2.5.10:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://packetstormsecurity.com/files/134949/Joomla-HTTP-Header-Unauthenticated-Remote-Code-Execution.html	cve@mitre.org	Exploit
http://packetstormsecurity.com/files/135100/Joomla-3.4.5-Object-Injection.html	cve@mitre.org	N/A
http://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/537219/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/79195	cve@mitre.org	N/A
https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html	cve@mitre.org	Exploit
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html	cve@mitre.org	Vendor Advisory
https://www.exploit-db.com/exploits/38977/	cve@mitre.org	Exploit
https://www.exploit-db.com/exploits/39033/	cve@mitre.org	Exploit
http://packetstormsecurity.com/files/134949/Joomla-HTTP-Header-Unauthenticated-Remote-Code-Execution.html	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://packetstormsecurity.com/files/135100/Joomla-3.4.5-Object-Injection.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/537219/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/79195	af854a3a-2127-422b-91ae-364da2661108	N/A
https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html	af854a3a-2127-422b-91ae-364da2661108	Exploit
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://www.exploit-db.com/exploits/38977/	af854a3a-2127-422b-91ae-364da2661108	Exploit
https://www.exploit-db.com/exploits/39033/	af854a3a-2127-422b-91ae-364da2661108	Exploit