For your info, and a question to Atomicorp: does ASL cover this?
Thanks a lot.
SOURCE:
[20151201] - Core - Remote Code Execution Vulnerability
Project: Joomla!
SubProject: CMS
Severity: High
Versions: 1.5.0 through 3.4.5
Exploit type: Remote Code Execution
Reported Date: 2015-December-13
Fixed Date: 2015-December-14
CVE Numbers: requested
Description:
Browser information is not filtered properly while saving the session values into the database which leads to a Remote Code Execution vulnerability.
Affected Installs:
Joomla! CMS versions 1.5.0 through 3.4.5
Solution:
Upgrade to version 3.4.6
https://developer.joomla.org/security-c ... ility.html
Patch in branch 3.X:
https://github.com/joomla/joomla-cms/releases/tag/3.4.6
Patches for EOL versions:
https://docs.joomla.org/Security_hotfix ... L_versions