CVE-2015-5397

Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html	Vendor Advisory
http://www.securityfocus.com/bid/76495
http://www.securitytracker.com/id/1032796
http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html	Vendor Advisory
http://www.securityfocus.com/bid/76495
http://www.securitytracker.com/id/1032796

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:joomla:joomla\!:3.2.0:::::::*
	cpe:2.3:a:joomla:joomla\!:3.2.1:::::::*
	cpe:2.3:a:joomla:joomla\!:3.2.2:::::::*
	cpe:2.3:a:joomla:joomla\!:3.2.3:::::::*
	cpe:2.3:a:joomla:joomla\!:3.2.4:::::::*
	cpe:2.3:a:joomla:joomla\!:3.2.5:::::::*
	cpe:2.3:a:joomla:joomla\!:3.3.0:::::::*
	cpe:2.3:a:joomla:joomla\!:3.3.1:::::::*
	cpe:2.3:a:joomla:joomla\!:3.3.2:::::::*
	cpe:2.3:a:joomla:joomla\!:3.3.3:::::::*
	cpe:2.3:a:joomla:joomla\!:3.3.4:::::::*
	cpe:2.3:a:joomla:joomla\!:3.3.5:::::::*
	cpe:2.3:a:joomla:joomla\!:3.4.0:::::::*
	cpe:2.3:a:joomla:joomla\!:3.4.0:alpha::::::
	cpe:2.3:a:joomla:joomla\!:3.4.0:beta1::::::
	cpe:2.3:a:joomla:joomla\!:3.4.0:beta2::::::
	cpe:2.3:a:joomla:joomla\!:3.4.0:beta3::::::
	cpe:2.3:a:joomla:joomla\!:3.4.0:rc1::::::
	cpe:2.3:a:joomla:joomla\!:3.4.1:::::::*
	cpe:2.3:a:joomla:joomla\!:3.4.1:rc1::::::
	cpe:2.3:a:joomla:joomla\!:3.4.1:rc2::::::
	cpe:2.3:a:joomla:joomla\!:3.4.2:rc1::::::

History

No history.

Information

Published : 2015-07-14 16:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-5397

Mitre link : CVE-2015-5397

CVE.ORG link : CVE-2015-5397

JSON object : View

Products Affected

joomla

joomla\!

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2015-5397", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-07-14T16:59:04.953", "references": [{"url": "http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/76495", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1032796", "source": "cve@mitre.org"}, {"url": "http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/76495", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032796", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n de sitios cruzados (CSRF) en Joomla! 3.2.0 a trav\u00e9s de 3.3x y 3.4x antes de 3.4.2 que permite a atacantes secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas para enviar peticiones que descargan c\u00f3digo a trav\u00e9s de vectores desconocidos."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83513309-01CD-411C-82EF-62C1F7F4764F"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27BABCB8-916D-452E-8848-B51B3374CE8B"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD14669F-9C13-46BA-A45B-EC0B4081D105"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "370F58E9-AD21-446F-BC29-10F2A448F18E"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56C7EA5D-CEB8-45C6-A50F-577B02BBD25F"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9382E8F4-30E6-473C-92F8-B8A48C28449B"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A3ED8A4-60AF-4347-8A4E-41BAF7ED09B1"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4B4D693-A540-4FB3-B7F9-9746F01B44CA"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9623DC6-3822-4493-A0CC-C87134799D67"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B71C854-FDCA-40C9-BB18-D7947BE81F04"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC3861B6-CBD7-438E-A067-AEAEBB6C09B7"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92F78591-585E-4571-813C-528256709932"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA20940F-8056-4F18-8D8A-4CE1EE22327E"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "228B8684-EC16-4DB7-B8EE-7C2C009FA946"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20DA0D93-26C1-4D24-993C-F07B102EAD55"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB372030-D07A-42DD-AF36-CD47EA2D8F2F"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E2143F-76E8-4BAF-8EAD-68E86EC73060"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CAEC506-1375-4BC7-BEB4-85F90491BDA7"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA6D81D1-16F7-448B-BA23-C24AAAE1A096"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43B63EB2-031C-47A0-875E-6D3FF5B32D2A"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3931745-E865-419E-A252-5306A63878D0"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.2:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C1C8F45-53F2-468E-97D5-E7D1FE9F789E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}