Description
Several vulnerabilities were reported in Joomla's core:

- CVE-2015-7297, CVE-2015-7857 and CVE-2015-7858: several SQL injections
- CVE-2015-7859: ACL bypass in the "com_contenthistory" module allowing read access to data that should be access-restricted
- CVE-2015-7899: ACL bypass in the "com_content" module allowing read access to data that should be access-restricted

Updated, 23/10/2015:
A proof of concept is available for these vulnerabilities.

Updated, 24/10/2015:
Additional information is available for CVE-2015-7857:
This vulnerability is located in the "/administrator/components/com_contenthistory/models/history.php" page and allows a remote attacker to obtain the administrator session key.

Updated, 27/10/2015:
Exploit code for the vulnerability CVE-2015-7297 has been added to the Metasploit framework.

Updated, 28/10/2015:
The joomla3 packages provided by FreeBSD are vulnerable.

Updated, 20/11/2015:
Exploit code for the CVE-2015-7857 and 7858 vulnerabilities has been added to the Metasploit framework.
Vulnerable Products
Vulnerable OS: FreeBSD (FreeBSD) - All
Vulnerable Software: Joomla (OSM Development Team) - 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, ..., 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4