DaDecky

3 exploits Active since Dec 2015
CVE-2015-8562 GITHUB python WORKING POC
Joomla! 1.5.x-3.4.5 - Unauthenticated Remote Code Execution via HTTP User-Agent Header
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
CVE-2016-8870 GITHUB HIGH python WORKING POC
Joomla! < 3.6.3 - Unauthenticated User Account Creation via UsersModelRegistration
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
CVSS 8.1
CVE-2017-8917 GITHUB CRITICAL python WORKING POC
Joomla! 3.7.x - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 9.8