CVE-2015-7857

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2…

mitre·CWE-89·Published 2015-10-29

CVSS

—

EPSS

0.94

KEV

Exploits

cve.orgen

253 chars

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.

NVDen

253 chars

NVDes

282 chars

Vulnerabilidad de inyección SQL en la función getListQuery en administrator/components/com_contenthistory/models/history.php en Joomla! 3.2 en versiones anteriores a 3.4.5 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro list[select] a index.php.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P