CVE-2015-7858

EXPLOITED

Joomla! 3.2-3.4.3 - SQL Injection

Title source: llm

Exploitation Summary

CVE-2015-7858 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Metasploit and Asaf Orpani, among them the Metasploit module exploits/unix/webapp/joomla_contenthistory_sqli_rce.

AI-analyzed exploit summary: This Metasploit module exploits a SQL injection vulnerability in Joomla's Content History component to retrieve admin session cookies, then leverages them to create a malicious PHP template file for remote code execution.

Description

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/38797

This Metasploit module exploits a SQL injection vulnerability in Joomla's Content History component to retrieve admin session cookies, then leverages them to create a malicious PHP template file for remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Joomla 3.2 to 3.4.4
No auth needed
Prerequisites: Joomla installation with vulnerable version · Active admin session
devstral-2 · analyzed Feb 16, 2026
vulncheck_xdb WORKING POC
remote-auth
https://github.com/areaventuno/exploit-joomla

This repository contains a functional Python exploit for Joomla 3.2 to 3.4.4 SQL injection vulnerabilities (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858). It automates the extraction of database credentials, user information, and session IDs via crafted SQL injection payloads.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Joomla 3.2 to 3.4.4
No auth needed
Prerequisites: Python 3.4.x · Requests module · Google Dork for target discovery
devstral-2 · analyzed Feb 26, 2026
metasploit WORKING POC EXCELLENT
by Asaf Orpani · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/joomla_contenthistory_sqli_rce.rb

This Metasploit module exploits a SQL injection vulnerability in Joomla's Content History component to retrieve admin session cookies, then leverages authenticated access to upload a malicious PHP template file for remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Joomla 3.2 to 3.4.4
No auth needed
Prerequisites: Joomla installation with vulnerable version · Active admin session
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/77295
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033950
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38797/

Scores

EPSS 0.6911
EPSS Percentile 98.7%

Details

VulnCheck KEV 2015-10-26
CWE CWE-89
Status published
Products (14)
joomla/joomla! 3.2.0
joomla/joomla! 3.2.1
joomla/joomla! 3.2.2
joomla/joomla! 3.2.3
joomla/joomla! 3.2.4
joomla/joomla! 3.3.0
joomla/joomla! 3.3.1
joomla/joomla! 3.3.2
joomla/joomla! 3.3.3
joomla/joomla! 3.3.4
... and 4 more
Published Oct 29, 2015
Tracked Since Feb 18, 2026