Vulnerability identifier: #VU157

Vulnerability risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2015-8562

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 10

• May 3, 2021
  • setup-cve-2015-8562 (Docker-compose to set up a test environment for exploiting CVE-2015-8562) [Github]
• April 27, 2020
  • JoomlaMassExploiter ([discontinued] Mass exploiter of CVE 2015-8562 for Joomla! CMS) [Github]
• April 7, 2020
  • cve-2015-8562-exploit (CVE-2015-8562 Exploit in bash) [Github]
• March 18, 2020
  • joomla_rce_CVE-2015-8562 (All versions of the Joomla! below 3.4.6 are known to be vulnerable. But exploitation is possible with PHP versions below 5.5.29, 5.6.13 and below 5.5.) [Github]
  • scanner-exploit-joomla-CVE-2015-8562 () [Github]
  • Joomla_CVE-2015-8562 (A proof of concept for Joomla's CVE-2015-8562 vulnerability (Object Injection RCE)) [Github]
  • JoomlaMassExploiter ([discontinued] Mass exploiter of CVE 2015-8562 for Joomla! CMS) [Github]
  • Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution [Exploit-DB]
  • Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution [Exploit-DB]
  • Joomla HTTP Header Unauthenticated Remote Code Execution [Metasploit]

Impact: Code execution

Vulnerable software:
Joomla!
Web applications / CMS

Vendor: Joomla!