Joomla! 1.5 < 3.4.5 RCE

Description

OS Command Execution, also known as Command Injection, is a severe vulnerability that allows attackers to execute arbitrary commands on the host operating system. Attackers exploit this vulnerability by injecting malicious commands through forms, cookies, or HTTP headers. These commands run with the privileges of the vulnerable application, leading to unauthorized access, data theft, and system compromise.

Recommendation

Upgrade Joomla! to the latest stable version.

References

• Joomla!
• OWASP: Command Injection
• CVE-2015-8562
• CWE-20
• CWE-78
• CAPEC-88
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Joomla! Component Com_contenthistory SQLI - CVE-2015-7858, CVE-2015-7857, CVE-2015-7297
• Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 'alias' SQLI - CVE-2018-6583
• Joomla! 'J2Store < 3.3.7' SQL Injection - CVE-2019-9184
• WordPress 4.6 Blind OS Command Execution - CVE-2016-10033

Tags:

Joomla

RCE

Command Injection

Input Validation

Injection