### [CVE-2015-8562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8562)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

### POC

#### Reference
- http://packetstormsecurity.com/files/134949/Joomla-HTTP-Header-Unauthenticated-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/135100/Joomla-3.4.5-Object-Injection.html
- https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html
- https://www.exploit-db.com/exploits/38977/
- https://www.exploit-db.com/exploits/39033/

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Caihuar/Joomla-cve-2015-8562
- https://github.com/NCSU-DANCE-Research-Group/CDL
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/RobinHoutevelts/Joomla-CVE-2015-8562-PHP-POC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/VoidSec/Joomla_CVE-2015-8562
- https://github.com/WangYihang/Exploit-Framework
- https://github.com/ZaleHack/joomla_rce_CVE-2015-8562
- https://github.com/atcasanova/cve-2015-8562-exploit
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/emtee40/google-explorer
- https://github.com/guanjivip/CVE-2015-8562
- https://github.com/hktalent/bug-bounty
- https://github.com/iGio90/hacking-stuff
- https://github.com/jweny/pocassistdb
- https://github.com/lorenzodegiorgi/setup-cve-2015-8562
- https://github.com/paralelo14/CVE-2015-8562
- https://github.com/paralelo14/google_explorer
- https://github.com/parzel/rusty-joomla-rce
- https://github.com/shakenetwork/google_explorer
- https://github.com/thejackerz/scanner-exploit-joomla-CVE-2015-8562
- https://github.com/tmuniz1/Scripts
- https://github.com/trganda/dockerv
- https://github.com/tthseus/Deserialize
- https://github.com/wild0ni0n/wild0ni0n
- https://github.com/xnorkl/Joomla_Payload