SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
Loading...
Loading...
Score elevated to 9.0 because EPSS predicts 92% probability of exploitation within the next 30 days (top 0.3% of all CVEs). Confidence: see factors.
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
October 29, 2015
May 6, 2026
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Working exploit code is in the public domain (2 Metasploit modules) (1 Exploit-DB entry). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution (Metasploit)
Open source ↗Joomla Content History SQLi Remote Code Execution
Open source ↗Joomla com_contenthistory Error-Based SQL Injection
Open source ↗Joomla! Core SQL Injection
Open source ↗See which npm, PyPI, Go, and Maven packages are affected by CVE-2015-7297
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.