What is CVE-2015-7857?

CVE-2015-7857 is a vulnerability in Joomla Joomla\!, classified under SQL Injection. Published 2015-10-29.

Is CVE-2015-7857 known to be exploited?

23 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Joomla Joomla\!

CVE-2015-7857

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter…

Vulnerability class: SQL Injection

EPSS: 0.722 (98.8th percentile) — read the EPSS interpretation.

Affected products

Joomla Joomla\! — versions 3.2.0, 3.2.1, 3.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

cve@mitre.org (Exploit, x_refsource_MISC)
77295 (vdb-entry, x_refsource_BID)
1033950 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_MISC)
38797 (exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2015-7857?: CVE-2015-7857 is a vulnerability in Joomla Joomla\!, classified under SQL Injection. Published 2015-10-29.
Is CVE-2015-7857 known to be exploited?: 23 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.