Published: 29/10/2015 Updated: 30/10/2015

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The com_contenthistory component in Joomla! 3.2 prior to 3.4.5 does not properly check ACLs, which allows remote malicious users to obtain sensitive information via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
joomla joomla\\! 3.2.0
joomla joomla\\! 3.2.1
joomla joomla\\! 3.2.3
joomla joomla\\! 3.3.0
joomla joomla\\! 3.4.0
joomla joomla\\! 3.4.2
joomla joomla\\! 3.4.4
joomla joomla\\! 3.3.1
joomla joomla\\! 3.3.2
joomla joomla\\! 3.3.3
joomla joomla\\! 3.3.4
joomla joomla\\! 3.2.2
joomla joomla\\! 3.2.4
joomla joomla\\! 3.4.1
joomla joomla\\! 3.4.3

Joomla patches critical core shop-pwning flaw

The Register • Darren Pauli • 23 Oct 2015

No coupon? Just make yourself ADMIN.

Popular content management system (CMS) Joomla has pushed three patches, including a critical fix for SQL injection vulnerabilities that allow attackers to become admins on most customer websites. The team issued fix 3.4.5 addressing the SQLi vulnerabilities (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858) which exist in version 3.2 to 3.4.4 and were identified earlier this month. Joomla is used by the likes of Barnes and Noble, eBay, and Peugeot. Trustwave's Asaf Orpani and PerimeterX's Netanel Ru...

CVE-2015-7859

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect