From 595645bcd7537666bbf2b34aee002ec7a9827f8a Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Wed, 16 Dec 2015 07:03:01 +0100 Subject: [PATCH] update description --- modules/exploits/multi/http/joomla_http_header_rce.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/multi/http/joomla_http_header_rce.rb b/modules/exploits/multi/http/joomla_http_header_rce.rb index 8e34e7a35a..053a0c8042 100644 --- a/modules/exploits/multi/http/joomla_http_header_rce.rb +++ b/modules/exploits/multi/http/joomla_http_header_rce.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote super(update_info(info, 'Name' => 'Joomla HTTP Header Unauthenticated Remote Code Execution', 'Description' => %q{ - Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5 to 3.4. + Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user supplied headers in the databases session table it's possible to truncate the input by sending an UTF-8 character. The custom created payload is then executed once the session is read from the databse. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13.
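Review bot: The description text edited here still has a typo in the context lines just below the changed one: `databse` should be `database`. In the same sentences, `an UTF-8 character` and `the databases session table` would read better as `a UTF-8 character` and `the database's session table`. This string is what an operator or defender reads to judge whether a host falls in the affected range, so it is worth cleaning up in the same commit. The new range `1.5.0 to 3.4.5` should presumably agree with whatever version check the module performs, but that code and the rest of the `update_info` call lie outside the hunk, so it could not be confirmed here.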