Joomla! < 3.4.6 Multiple Vulnerabilities

Critical Nessus Plugin ID 87416


The remote web server contains a PHP application that is affected by multiple vulnerabilities.


According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.4.6. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists due to improper sanitization of session values. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2015-8562)

- A cross-site request forgery (XSRF) vulnerability exists due to HTTP requests to com_templates not requiring multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to cause the user to perform unspecified actions.

- A path traversal vulnerability exists due to improper sanitization of user-supplied input via the XML install file. (CVE-2015-8564)

- A path traversal vulnerability exists due to improper sanitization of input supplied via user requests.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade to Joomla! version 3.4.6 or later.

See Also

Plugin Details

Severity: Critical

ID: 87416

File Name: joomla_346.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 2015/12/16

Modified: 2018/06/13

Dependencies: 21142

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSS v3.0

Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:joomla:joomla\!

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/12/14

Vulnerability Publication Date: 2015/12/14

Exploitable With


Core Impact

Metasploit (Joomla HTTP Header Unauthenticated Remote Code Execution)

Reference Information

CVE: CVE-2015-8562, CVE-2015-8563, CVE-2015-8564, CVE-2015-8565

BID: 79195, 79199, 79201, 79203

EDB-ID: 38977, 39033