
Remote Code Execution vulnerability in Joomla

 

Systems Affected


Joomla! CMS versions 1.5.0 through 3.4.6

Threat Level


High


Overview


A vulnerability has been reported in Joomla! which could be exploited by a remote attacker to execute arbitrary code.


Description


This vulnerability exists due to a use-after-free flaw in the session deserializer in PHP while calling php_var_unserialize().

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.


Impact



Solution/Workarounds


Upgrade to the latest version as mentioned at https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.