# Key Information

## Vulnerability Overview

- **Name**: Joomla HTTP Header Unauthenticated Remote Code Execution
- **Disclosure Date**: December 14, 2015
- **Creation Date**: May 30, 2018

## Description

- **Affected Versions**: All versions of Joomla from 1.5.0 to 3.4.5.
- **Vulnerability Details**: Joomla stores user-supplied HTTP headers in the session table of the database. Because the stored value is truncated when it contains a certain UTF-8 character, an attacker can craft a header so that the remaining data forms a custom payload, which is executed when the session is read back from the database. Exploitation requires specific versions of PHP (below 5.4.45).
- **Fix Status**: The PHP patch is included in Ubuntu package versions 5.5.9+dfsg-1ubuntu4.13 and 5.3.10-1ubuntu3.20, as well as Debian package version 5.4.45-0+deb7u1.

## Authors

- Marc-Alexandre Montpas
- Christian Mehlmauer, [FireFart@gmail.com](mailto:FireFart@gmail.com)

## Platform and Architecture

- **Platform**: PHP
- **Architecture**: php

## References

- [Source Code](#)
- [History](#)

## Module Options

Load this module in the Metasploit console and run the commands `show options` or `show advanced` to display the available options.

```
msf > use exploit/multi/http/joomla_http_header_rce
msf exploit(joomla_http_header_rce) > show targets
    ... targets ...
msf exploit(joomla_http_header_rce) > set TARGET <target-id>
msf exploit(joomla_http_header_rce) > show options
    ... show and set options ...
msf exploit(joomla_http_header_rce) > exploit
```
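The following is an added defender-side example, not part of the module page or of Metasploit: it checks whether a deployment falls inside the affected Joomla/PHP version window stated above, and flags stored request headers that carry a serialized PHP object followed by a 4-byte UTF-8 character (the truncation trigger described in the vulnerability details). The header names, the exact truncation character and the sample headers are assumptions of this example.

```python
import re

# Marker of a serialized PHP object, e.g. O:8:"stdClass":0:{}. Joomla's session
# handler unserializes the stored session blob when it reads it back.
PHP_OBJECT_RE = re.compile(r'O:\d+:"')
# Headers that affected Joomla versions copy into the session table
# (assumption of this example).
TRACKED_HEADERS = ("user-agent", "x-forwarded-for")

def has_4byte_utf8(value: str) -> bool:
    """True if the value contains a code point outside the BMP. A 3-byte
    MySQL utf8 column truncates the string at such a character, dropping
    everything that follows it in the serialized session data."""
    return any(ord(ch) > 0xFFFF for ch in value)

def header_is_suspicious(name: str, value: str) -> bool:
    """Flag a tracked header that carries a serialized object and a 4-byte
    UTF-8 character: after truncation the object becomes the tail of the blob."""
    if name.lower() not in TRACKED_HEADERS:
        return False
    return bool(PHP_OBJECT_RE.search(value)) and has_4byte_utf8(value)

def scan(headers: dict) -> list:
    """Return the names of suspicious headers in a single request."""
    return sorted(n for n, v in headers.items() if header_is_suspicious(n, v))

def parse_version(text: str) -> tuple:
    """'3.4.5' -> (3, 4, 5); tolerates distro suffixes such as '5.3.10-1ubuntu3'."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])

def is_vulnerable(joomla_version: str, php_version: str) -> bool:
    """Affected window from the module page: Joomla 1.5.0 to 3.4.5 on PHP < 5.4.45."""
    return ((1, 5, 0) <= parse_version(joomla_version) <= (3, 4, 5)
            and parse_version(php_version) < (5, 4, 45))

# Constructed sample request headers, not real traffic.
SAMPLE_BENIGN = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
                 "X-Forwarded-For": "203.0.113.7"}
SAMPLE_SUSPICIOUS = {"User-Agent": 'O:8:"stdClass":0:{}\U0001F600',
                     "X-Forwarded-For": "203.0.113.7"}

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable("3.4.5", "5.3.10"))   # True
    print("benign:", scan(SAMPLE_BENIGN))                     # []
    print("suspicious:", scan(SAMPLE_SUSPICIOUS))             # ['User-Agent']
```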