CVSSv2: 7.5

CVE-2015-7858

Published: 29/10/2015 Updated: 13/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 759
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in Joomla! 3.2 prior to 3.4.4 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.

Vulnerable Product

joomla joomla! 3.2.0
joomla joomla! 3.2.1
joomla joomla! 3.2.2
joomla joomla! 3.2.3
joomla joomla! 3.2.4
joomla joomla! 3.3.0
joomla joomla! 3.3.1
joomla joomla! 3.3.2
joomla joomla! 3.3.3
joomla joomla! 3.3.4
joomla joomla! 3.4.0
joomla joomla! 3.4.1
joomla joomla! 3.4.2
joomla joomla! 3.4.3

Exploits

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper

  def initialize(info={})
    super(updat ...

Github Repositories

Joomla 3.2 to 3.4.4 Remote SQL Injection Mass Exploit

Joomla 3.2 to 3.4.4 Remote SQL Injection Mass Exploit
Exploit Title - Joomla 3.2 to 3.4.4 Remote SQL Injection Mass Exploit
Date - 25-10-2015
Requirements - Python 3.4.x, Requests module (python -m pip install requests)
Vulnerable Version - github.com/joomla/joomla-cms/releases/download/3.4.4/Joomla_3.4.4-Stable-Full_Package.zip
Vulnerability found by - trustwave.com E

Maltrail (Malicious traffic detection system) and several forks of it, among them one described as "maltrail under V&R support, fork from https://github.com/stamparm/maltrail" and one described as "Detection" (检测).

Indexed README contents (identical across the listed forks, apart from minor section differences): Introduction, Architecture, Demo pages, Requirements, Quick start, Administrator's guide, Sensor, Server, User's guide, Reporting interface, Real-life cases, Mass scans, Anonymous attackers, Service attackers, Malware, Suspicious domain lookups, Suspicious ipinfo requests, Suspicious direct file downloads, Suspicious HTTP requests, Port scanning, DNS resource exhaustion, Potential UDP exfiltration, Data leakage, False positives, Requirements

Recent Articles

Joomla patches critical core shop-pwning flaw
The Register • Darren Pauli • 23 Oct 2015

No coupon? Just make yourself ADMIN.

Popular content management system (CMS) Joomla has pushed three patches, including a critical fix for SQL injection vulnerabilities that allow attackers to become admins on most customer websites. The team issued fix 3.4.5 addressing the SQLi vulnerabilities (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858) which exist in version 3.2 to 3.4.4 and were identified earlier this month. Joomla is used by the likes of Barnes and Noble, eBay, and Peugeot. Trustwave's Asaf Orpani and PerimeterX's Netanel Ru...