GHSA-wwfh-28hx-w2r2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wwfh-28hx-w2r2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wwfh-28hx-w2r2/GHSA-wwfh-28hx-w2r2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wwfh-28hx-w2r2
- Aliases
-
- CVE-2015-8566
- Published
- 2022-05-17T04:00:55Z
- Modified
- 2024-12-08T05:28:44.055513Z
- Summary
- Joomla! Framework Remote Code Injection Vulnerability
- Details
-
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.
- Database specific
{ "nvd_published_at": "2015-12-16T21:59:00Z", "cwe_ids": [ "CWE-74" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-04-25T23:01:07Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-8566
- https://developer.joomla.org/security-centre/637-20151205-session-remote-code-execution-vulnerability.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/joomla/session/CVE-2015-8566.yaml
- https://github.com/joomla-framework/session
- https://web.archive.org/web/20160603093633/http://www.securityfocus.com/bid/79197
Affected packages
Packagist / joomla/session
Package
- Name
- joomla/session
- Purl
- pkg:composer/joomla/session