vendor:
Joomla
by:
Gary@ Sec-1 ltd, Modified - Andrew McNicol BreakPoint Labs (@0xcc_labs)
9,8
CVSS
HIGH
Object Injection RCE
94
CWE
Product Name: Joomla
Affected Version From: Joomla 1.5
Affected Version To: Joomla 3.4.6
Patch Exists: YES
Related CWE: CVE-2015-8562
CPE: a:joomla:joomla
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 14.04.2 LTS
2015
Joomla 1.5 – 3.4.6 Object Injection RCE X-Forwarded-For header
Joomla 1.5 - 3.4.6 is vulnerable to an Object Injection Remote Code Execution (RCE) vulnerability. This vulnerability is due to the lack of input validation of the X-Forwarded-For header. An attacker can exploit this vulnerability by sending a maliciously crafted X-Forwarded-For header to the vulnerable server. This can allow an attacker to execute arbitrary code on the vulnerable server.
Mitigation:
Input validation of the X-Forwarded-For header should be implemented to prevent exploitation of this vulnerability.
