Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS) Asaf also uncovered the related vulnerabilities CVE-2015-7858 and CVE- 2015-7297 as part of his research. The vulnerability can be exploited in Joomala versions 3.2 (released in November 2013) through version 3. 4.5. The code vulnerable to SQL injection is found in /administrator/components/com_contenthistory/ models/php is vulnerable to.”]
Source: https://informationsecuritybuzz.com/articles/discovering-critical-sql-vulnerability-in-joomla/