CVE-2015-7857

Published Oct 29, 2015

Last updated 7 years ago

Overview

Description: SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83513309-01CD-411C-82EF-62C1F7F4764F"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27BABCB8-916D-452E-8848-B51B3374CE8B"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD14669F-9C13-46BA-A45B-EC0B4081D105"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "370F58E9-AD21-446F-BC29-10F2A448F18E"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56C7EA5D-CEB8-45C6-A50F-577B02BBD25F"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A3ED8A4-60AF-4347-8A4E-41BAF7ED09B1"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4B4D693-A540-4FB3-B7F9-9746F01B44CA"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9623DC6-3822-4493-A0CC-C87134799D67"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B71C854-FDCA-40C9-BB18-D7947BE81F04"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC3861B6-CBD7-438E-A067-AEAEBB6C09B7"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA20940F-8056-4F18-8D8A-4CE1EE22327E"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA6D81D1-16F7-448B-BA23-C24AAAE1A096"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "176F330D-DAC5-4D3E-823D-E59E6469D089"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E76ADE1-A88F-468B-8D9C-72B90AF2A75A"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98475DA0-9D72-4952-878B-4DD619132E66"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References