CVE-2015-7857

Joomla! 3.2-3.4.4 - SQL Injection via list[select] Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-7857. PoCs published by Metasploit, Asaf Orpani, including Metasploit module exploits/unix/webapp/joomla_contenthistory_sqli_rce.

AI-analyzed exploit summary This Metasploit module exploits a SQL injection vulnerability in Joomla's Content History component to retrieve admin session cookies, then leverages them to create a malicious PHP template file for remote code execution.

Description

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/38797

View Code ZIP pw:eip

This Metasploit module exploits a SQL injection vulnerability in Joomla's Content History component to retrieve admin session cookies, then leverages them to create a malicious PHP template file for remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Joomla 3.2 to 3.4.4

No auth needed

Prerequisites: Joomla installation with vulnerable version · Active admin session

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Asaf Orpani · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/joomla_contenthistory_sqli_rce.rb