Medium
A vulnerability in older versions of the Joomla content management system (CMS), a popular web-based application for building and managing websites.
It’s a PHP object injection that can lead to remote code execution (RCE) under certain scenarios. For example, it can be exploited via the Joomla CMS’ login form and can allow attackers to execute code on the site’s underlying server.
The vulnerability is trivial to exploit, and proof-of-concept exploit code has been published online.
Remote code execution
Joomla
Joomla content management system (CMS) from versions 3.0.0 to 3.4.6.
Update to version of 3.4.7 or later.