CVE-2015-5397

Published Jul 14, 2015

Last updated 8 years ago

CVSS info 6.8

Overview

Description: Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83513309-01CD-411C-82EF-62C1F7F4764F"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27BABCB8-916D-452E-8848-B51B3374CE8B"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD14669F-9C13-46BA-A45B-EC0B4081D105"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "370F58E9-AD21-446F-BC29-10F2A448F18E"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56C7EA5D-CEB8-45C6-A50F-577B02BBD25F"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9382E8F4-30E6-473C-92F8-B8A48C28449B"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A3ED8A4-60AF-4347-8A4E-41BAF7ED09B1"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4B4D693-A540-4FB3-B7F9-9746F01B44CA"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9623DC6-3822-4493-A0CC-C87134799D67"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B71C854-FDCA-40C9-BB18-D7947BE81F04"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC3861B6-CBD7-438E-A067-AEAEBB6C09B7"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92F78591-585E-4571-813C-528256709932"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA20940F-8056-4F18-8D8A-4CE1EE22327E"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "228B8684-EC16-4DB7-B8EE-7C2C009FA946"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20DA0D93-26C1-4D24-993C-F07B102EAD55"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB372030-D07A-42DD-AF36-CD47EA2D8F2F"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80E2143F-76E8-4BAF-8EAD-68E86EC73060"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CAEC506-1375-4BC7-BEB4-85F90491BDA7"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA6D81D1-16F7-448B-BA23-C24AAAE1A096"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43B63EB2-031C-47A0-875E-6D3FF5B32D2A"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3931745-E865-419E-A252-5306A63878D0"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C1C8F45-53F2-468E-97D5-E7D1FE9F789E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References