The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.Referenceshttp://www.securityfocus.com/bid/79197https://developer.joomla.org/security-centre/637-20151205-session-remote-code-execution-vulnerability.html
