[20151205] - Session - Remote Code Execution Vulnerability
- Details
- Joomla RSS Sicherheit
- Kategorie: Joomla News
Project: Joomla! Framework
SubProject: Session
Severity: High
Versions: 1.0.0 through 1.3.0
Exploit type: Remote Code Execution
Reported Date: 2015-December-13
Fixed Date: 2015-December-14
CVE Number: CVE-2015-8566
Description
Browser information is not filtered properly while saving the session values which leads to a Remote Code Execution vulnerability.
Affected Versions
Joomla! Framework Session package versions 1.0.0 through 1.3.0
Solution
Upgrade to version 1.3.1
Contact
The JSST at the Joomla! Security Centre.
Reported By: Uwe Flottemensch
- Zugriffe: 1588