
Joomla HTTP Header Remote Code Execution (CVE-2015-8562)


Overview

Joomla HTTP Header Remote Code Execution, tracked as CVE-2015-8562, affects vulnerable Joomla content management system installations. Joomla is widely used to build public websites, portals, and content-driven applications, which makes unauthenticated vulnerabilities in exposed sites especially high impact.

Vulnerability Overview

CVE-2015-8562 is a PHP object injection vulnerability in Joomla. In vulnerable versions, attacker-controlled data can be introduced through HTTP request metadata, including the User-Agent header, and later processed in a way that can lead to unsafe object handling.

The issue is severe because exploitation does not require authentication. An attacker can target an exposed Joomla site without a valid account and attempt to turn unsafe object processing into arbitrary PHP code execution.

Impact

CVE-2015-8562 has a CVSS 2.0 score of 7.5 and is rated High in NVD. The issue was also reported as exploited in the wild in December 2015, which made rapid patching important for internet-facing Joomla installations.

Successful exploitation can allow an attacker to execute arbitrary PHP code, modify website content, deploy malware, steal configuration secrets, access backend data, or use the compromised site as a foothold for further attacks. Public CMS deployments are especially exposed when outdated extensions, weak file permissions, or delayed patching increase the blast radius.

Vulnerability Scope

CVE-2015-8562 affects Joomla 1.5.x, 2.x, and 3.x before 3.4.6. The highest-risk exposure is a public Joomla site running an affected version and accepting untrusted HTTP requests from the internet.

Because the vulnerability is tied to request handling and object processing, administrators should assess the Joomla core version, patch status, server logs, and any signs of compromise around the disclosure and exploitation window.
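For the server-log part of that assessment, the following is an added example, not part of the original lab material: it scans combined-format access logs for the header of a PHP serialized object in the User-Agent or Referer field and groups hits by client IP. The log format, the choice to also check Referer, the sample lines, and the class name `Example` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Combined log format; quoted fields may hold escaped quotes.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>(?:[^"\\]|\\.)*)" '
    r'\d{3} \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"'
)
# Header of a PHP serialize() object: O:<len>:"<class>":<count>:{
SERIALIZED_OBJECT = re.compile(r'[OC]:\d+:"[A-Za-z_\\][\w\\]*":\d+:\{')

def unescape(field):
    # Apache logs a double quote as \" and nginx logs it as \x22.
    return field.replace("\\x22", '"').replace('\\"', '"')

def scan(lines):
    """Return ({ip: [(timestamp, field, request)]}, unparsed_line_count)."""
    hits, unparsed = defaultdict(list), 0
    for line in lines:
        m = LINE.match(line)
        if m is None:
            unparsed += 1  # keep a count: unparsed lines need manual review
            continue
        for field in ("ua", "referer"):
            if SERIALIZED_OBJECT.search(unescape(m.group(field))):
                hits[m.group("ip")].append((m.group("ts"), field, m.group("req")))
    return dict(hits), unparsed

# Constructed sample lines (documentation IP ranges, inert placeholder class).
SAMPLE = [
    '198.51.100.7 - - [15/Dec/2015:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.44 - - [15/Dec/2015:10:01:09 +0000] "GET / HTTP/1.1" 200 5120 "-" "O:7:\\"Example\\":0:{}"',
    '203.0.113.9 - - [16/Dec/2015:03:12:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "O:7:\\x22Example\\x22:0:{}" "curl/7.43.0"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    found, skipped = scan(SAMPLE)
    for ip, events in found.items():
        for ts, field, req in events:
            print(f"{ip} [{ts}] serialized object in {field}: {req}")
    print(f"{skipped} line(s) could not be parsed")
```

A hit shows that a request carried serialized-object syntax in a header, not that the site was compromised; correlate it with the Joomla core version and patch status at the time of the request.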

Lab Focus

This lab focuses on understanding how PHP object injection can lead to remote code execution in a CMS environment, why unauthenticated request metadata can become dangerous, and how CMS patch level directly affects exposure. The goal is to practice recognizing the vulnerability context and impact in a controlled Hackviser environment.
