Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-7858 — SQL Injection in Joomla !

CWE-89 — SQL Injection12 documents8 sources

Severity

7.5HIGHNVD

EPSS

69.1%

top 1.36%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Joomla !

Timeline

PublishedOct 29

Latest updateMay 17

Description

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDjoomla/joomla_!15 versions+14

🔴Vulnerability Details

GHSA

GHSA-66q2-64c3-859x: SQL injection vulnerability in Joomla! 3↗2022-05-17

▶

GHSA

GHSA-5j7c-6v58-rh4x: SQL injection vulnerability in Joomla! 3↗2022-05-17

▶

CVEList

CVE-2015-7858: SQL injection vulnerability in Joomla! 3↗2015-10-29

▶

CVEList

CVE-2015-7297: SQL injection vulnerability in Joomla! 3↗2015-10-29

▶

VulnCheck

Joomla! Joomla! Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')↗2015

▶

💥Exploits & PoCs

Exploit-DB

Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution (Metasploit)↗2015-11-23

▶

Metasploit

Joomla Content History SQLi Remote Code Execution↗

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Possible Joomla SQLi Attempt (CVE-2015-7297 CVE-2015-7857 CVE-2015-7858)↗2015-10-22

▶

🕵️Threat Intelligence

Qualys

Protect Against the Joomla SQL Injection Vulnerability | Qualys↗2015-10-28

▶

Qualys

Protect Against the Joomla SQL Injection Vulnerability | Qualys↗2015-10-28

▶