Joomla! User-Agent Object Injection RCE
Severity: High
Nessus Plugin ID: 88489

Synopsis: The remote web server contains a PHP application that is affected by a remote code execution vulnerability.

Description: The Joomla! application running on the remote web server is affected by a remote code execution vulnerability due to improper sanitization of the User-Agent header field when saving session values. An unauthenticated, remote attacker can exploit this, via a serialized PHP object, to execute arbitrary PHP code.

Solution: Upgrade to Joomla! version 3.4.6 or later.