Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2015-8566 — Joomla! Framework Remote Code Injection Vulnerability · VulnScope

CVE-2015-8566

Joomla! Framework Remote Code Injection Vulnerability

EPSS 8.9%

Description

The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.

How to fix CVE-2015-8566

To remediate CVE-2015-8566, upgrade the affected package to a fixed version below.

Packagist/joomla/session—upgrade to 1.3.1 or later

Is CVE-2015-8566 being exploited?

Moderate — EPSS is 8.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 1.3.1

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-8566
PATCHgithub.com/joomla-framework/session
WEBdeveloper.joomla.org/security-centre/637-20151205-session-remote-code-execution-vulnerability.html
WEBgithub.com/FriendsOfPHP/security-advisories/blob/master/joomla/session/CVE-2015-8566.yaml

Metadata

Published: 5/17/2022
Modified: 12/8/2024

Also known as:

GHSA-wwfh-28hx-w2r2ghsa

WEBweb.archive.org/web/20160603093633/http://www.securityfocus.com/bid/79197

Packagist/joomla/session