CVE-2015-8566 – joomla/session

Package

Manager: composer
Name: joomla/session
Vulnerable Version: >=0 <1.3.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01871 pctl0.82395

Details

Joomla! Framework Remote Code Injection Vulnerability The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.

Metadata

Created: 2022-05-17T04:00:55Z
Modified: 2024-04-25T23:01:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wwfh-28hx-w2r2/GHSA-wwfh-28hx-w2r2.json
CWE IDs: ["CWE-74"]
Alternative ID: GHSA-wwfh-28hx-w2r2
Finding: F184
Auto approve: 1