GitHub Advisory DatabaseGHSA-WWFH-28HX-W2R2Joomla! Framework Remote Code Injection Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
88.3%
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.
Affected configurations
References
developer.joomla.org/security-centre/637-20151205-session-remote-code-execution-vulnerability.html
github.com/advisories/GHSA-wwfh-28hx-w2r2
github.com/FriendsOfPHP/security-advisories/blob/master/joomla/session/CVE-2015-8566.yaml
nvd.nist.gov/vuln/detail/CVE-2015-8566
web.archive.org/web/20160603093633/www.securityfocus.com/bid/79197
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
88.3%