
New Joomla Vulnerability Patch

Mon. November 2, 2015 at 8:27 PM in Security

A critical update has been released for the popular Joomla content management system. The update fixes a vulnerability that lets an unauthenticated attacker perform a SQL injection attack and gain full administrative privileges on the website's administration panel. The vulnerability was disclosed to Joomla by perimeterx and patched on October 22nd, 2015, in Joomla 3.4.5.

Vulnerable populateState() function in Joomla (image courtesy perimeterx)
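The pattern behind this class of bug, as an added example that is not code from the original post, from perimeterx or from Joomla: a list model whose populateState() copies request-supplied list options (column list, ordering, direction) into model state, and a query builder that interpolates that state straight into SQL. Column and table names cannot be bound as query parameters, so the only defence is to whitelist them before they enter the state; the hardened populateState() below does exactly that. Everything here is constructed for the example: the stand-in schema, the session table, the flattened `list[select]` / `list[ordering]` / `list[direction]` parameter names and the attack request. It is written in Python with sqlite3 so it runs stand-alone; Joomla itself is PHP.

```python
import re
import sqlite3

# Constructed stand-in schema (not Joomla's real tables): a versioned-content
# table the list model is meant to expose, and a session table it is not.
SCHEMA = """
CREATE TABLE content_history (
    version_id   INTEGER PRIMARY KEY,
    ucm_item_id  INTEGER,
    version_note TEXT
);
CREATE TABLE session (
    session_id TEXT,
    username   TEXT
);
INSERT INTO content_history VALUES (1, 10, 'initial'), (2, 10, 'edited');
INSERT INTO session VALUES ('0123456789abcdef', 'admin');
"""

# Columns the history view is allowed to select or order by (assumed whitelist).
ALLOWED_COLUMNS = {"version_id", "ucm_item_id", "version_note"}
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def populate_state_vulnerable(request):
    """Unsafe pattern: list options are copied from the request into model
    state without validation, so whatever the client sends reaches the SQL."""
    return {
        "select": request.get("list[select]", "*"),
        "ordering": request.get("list[ordering]", "version_id"),
        "direction": request.get("list[direction]", "ASC"),
    }


def populate_state_fixed(request, allowed=ALLOWED_COLUMNS):
    """Hardened pattern: every request-supplied list option is checked
    against a whitelist before it is stored in state."""
    raw_select = request.get("list[select]", "*").strip()
    if raw_select == "*":
        select = "*"
    else:
        columns = [c.strip() for c in raw_select.split(",")]
        for column in columns:
            if not IDENTIFIER.match(column) or column not in allowed:
                raise ValueError(f"rejected select column {column!r}")
        select = ", ".join(columns)

    ordering = request.get("list[ordering]", "version_id").strip()
    if ordering not in allowed:
        raise ValueError(f"rejected ordering column {ordering!r}")

    direction = request.get("list[direction]", "ASC").strip().upper()
    if direction not in ("ASC", "DESC"):
        raise ValueError(f"rejected direction {direction!r}")

    return {"select": select, "ordering": ordering, "direction": direction}


def build_query(state):
    """The model builds its query by string interpolation; identifiers cannot
    be bound as parameters, so the whitelist in populate_state is the defence."""
    return (f"SELECT {state['select']} FROM content_history "
            f"ORDER BY {state['ordering']} {state['direction']}")


def run_list_model(request, populate_state):
    """Populate state from the request with the given strategy, run the query
    on a fresh in-memory database and return the rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    try:
        return conn.execute(build_query(populate_state(request))).fetchall()
    finally:
        conn.close()


def is_rejected(request, populate_state):
    """True if populate_state refuses the request before any SQL runs."""
    try:
        populate_state(request)
    except ValueError:
        return True
    return False


# Constructed attack request: a subselect smuggled in through list[select]
# pulls a session identifier out of a table the view never exposes.
ATTACK = {"list[select]": "(SELECT session_id FROM session LIMIT 1)"}

if __name__ == "__main__":
    print(run_list_model({}, populate_state_vulnerable))
    print(run_list_model(ATTACK, populate_state_vulnerable))  # leaks the session id
    print(is_rejected(ATTACK, populate_state_fixed))           # True
```

Against the vulnerable populateState() the attack request returns the admin session identifier once per history row; against the hardened one it is refused before a query is built. Note that the whitelist is applied per column after splitting on commas, so `version_id, (SELECT ...)` is rejected as well, and the sort direction is restricted to the two literal keywords rather than being passed through.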

From perimeterx:

The discovered vulnerability allows an unauthenticated attacker to perform an SQL Injection attack on Joomla based servers running versions 3.2 through 3.4.4. Joomla is a very popular open-source Content Management System (CMS) used by no less than 2,800,000 websites (as of September 2015).

Unrestricted administrative access to a website’s database can cause disastrous effects, ranging from complete theft, loss or corruption of all the data, through obtaining complete remote control of the web server and abusing or repurposing it (for instance, as a host for malicious or criminal content), and ending in infiltration into the internal network of the organization, also known as lateral movement.

Sites running any Joomla version from 3.2 through 3.4.4 are affected. Administrators should install the latest Joomla update, 3.4.5, as soon as possible.

More information about this vulnerability can be found on the perimeterx post.
