Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-7297: SQL Injection in Joomla!

CWE-89: SQL Injection | 15 documents | 10 sources
Severity
7.5 HIGH (NVD)
EPSS
91.6%
top 0.32%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Oct 29
Latest update: May 17

Description

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 1 package

NVD: joomla/joomla_!, 15 versions (+14)

🔴 Vulnerability Details

5
GHSA
GHSA-66q2-64c3-859x: SQL injection vulnerability in Joomla! 3 (2022-05-17)
GHSA
GHSA-5j7c-6v58-rh4x: SQL injection vulnerability in Joomla! 3 (2022-05-17)
CVEList
CVE-2015-7858: SQL injection vulnerability in Joomla! 3 (2015-10-29)
CVEList
CVE-2015-7297: SQL injection vulnerability in Joomla! 3 (2015-10-29)
VulnCheck
Joomla! Joomla! Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (2015)

💥 Exploits & PoCs

4
Exploit-DB
Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution (Metasploit) (2015-11-23)
Metasploit
Joomla com_contenthistory Error-Based SQL Injection
Metasploit
Joomla Content History SQLi Remote Code Execution
Nuclei
Joomla! Core SQL Injection

🔍 Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Possible Joomla SQLi Attempt (CVE-2015-7297 CVE-2015-7857 CVE-2015-7858) (2015-10-22)

🕵️ Threat Intelligence

3
Qualys
Protect Against the Joomla SQL Injection Vulnerability | Qualys (2015-10-28)
Qualys
Protect Against the Joomla SQL Injection Vulnerability | Qualys (2015-10-28)
Greynoiseio
NoiseLetter September 2024