Uwe Flottemensch

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 1.5.x through 3.x before 3.4.6 **Description** The issue allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header. This has been exploited in the wild. **Recommendations** For versions 1.5.x, 2.x, and 3.x before 3.4.6, update to version 3.4.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! Framework Session package versions 1.x prior to 1.3.1 **Description** The issue allows remote attackers to execute arbitrary code via unspecified session values. **Recommendations** For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue.