CVE-2015-7859

Published: Oct 29, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

Affected (15)

Products: Joomla: Joomla!

Joomla

1 product

Joomla!

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla!	Version 3.2.0
Joomla Joomla!	Version 3.2.1
Joomla Joomla!	Version 3.2.2
Joomla Joomla!	Version 3.2.3
Joomla Joomla!	Version 3.2.4
Joomla Joomla!	Version 3.3.0
Joomla Joomla!	Version 3.3.1
Joomla Joomla!	Version 3.3.2
Joomla Joomla!	Version 3.3.3
Joomla Joomla!	Version 3.3.4
Joomla Joomla!	Version 3.4.0
Joomla Joomla!	Version 3.4.1
Joomla Joomla!	Version 3.4.2
Joomla Joomla!	Version 3.4.3
Joomla Joomla!	Version 3.4.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html

Source: cve@mitre.org

http://www.securitytracker.com/id/1033950

Source: cve@mitre.org

http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1033950

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.