Loading
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Use CWE-20, Joomla vendor hub and Joomla\! product page to widen CVE-2015-8562 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2009-4789, CVE-2010-1470 and CVE-2010-0694 for nearby disclosures in the same product family.