CVE-2015-8566

Joomla Session < 1.3.1 - Remote Code Execution via Session Values

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8566. PoCs published by Andrew McNicol.

AI-analyzed exploit summary: This exploit leverages a PHP object injection vulnerability in Joomla (CVE-2015-8562) via the X-Forwarded-For header to achieve remote code execution. It supports both blind command execution and a reverse shell payload.

Description

The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.

Exploits (1)

exploitdb WORKING POC
by Andrew McNicol · python · webapps · php
https://www.exploit-db.com/exploits/39033


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Joomla 1.5 - 3.4.6
No auth needed
Prerequisites: Target must be running a vulnerable version of Joomla · Network access to the target · Python environment for execution
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/79197

Scores

EPSS 0.0111
EPSS Percentile 78.6%

Details

Status published
Products (2)
joomla/session 1.3.0
joomla/session 0 - 1.3.1 (Packagist)
Published Dec 16, 2015
Tracked Since Feb 18, 2026