'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:joomla_php_inject(Rule ID:1070210007)

Release Date2025/9/15

Rule NameCVE-2015-8562: Joomla! PHP Object Inject Attack

Severity:high

CVE IDCVE-2015-8562

 

Descripiton

Joomla! is a free and open-source content management system(CMS) for publishing web content. It is built on a model-view-controller web application framework that can be used independently of the CMS. Joomla 1.5x, 2.x and 3.x before 3.4.6 has vulnerability which allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header. This rule supports to defend the A6: Vulnerable and Outdated Components and A3: Injection of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.