Access Control: Joomla! CMS \<=3.4.6 - Remote Code Execution¶
Identifier:
rusty_joomla
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Joomla! CMS 3.0.0 through the 3.4.6 release contains an unauthenticated PHP object injection that leads to remote code execution.
How we test: We test for PHP object injection vulnerabilities in Joomla CMS by injecting serialized PHP objects and analyzing responses to detect if object deserialization leads to remote code execution.
Reference:
- https://blog.hacktivesecurity.com/index.php/2019/10/03/rusty-joomla-rce/
- https://github.com/kiks7/rusty_joomla_rce
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.