Hackers actively exploit critical vulnerability in sites running Joomla

Moltuae

Moltuae

Rest In Peace
Reaction score
3,669
Location
Lancs, UK
Article Link: http://arstechnica.com/security/201...itical-vulnerability-in-sites-running-joomla/
Attackers are actively exploiting a critical remote command-execution vulnerability that has plagued the Joomla content management system for almost eight years, security researchers said.

A patch for the vulnerability, which affects versions 1.5 through 3.4.5, was released Monday morning. It was too late: the bug was already being exploited in the wild, researchers from security firm Sucuri warned in a blog post. The attacks started on Saturday from a handful of IP addresses and by Sunday included hundreds of exploit attempts to sites monitored by Sucuri.
Click to expand...

Problem is, the patch is only for version 3.x it seems. If you have any customers with older Joomla sites (as I have), looks like the only option is to fully upgrade those sites to 3.x.


UPDATE:
https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html
For those on the 3.x branch, update immediately to 3.4.6. There will be unofficial fixes for Joomla! 1.5.x and 2.5.x provided soon. Anyone using those versions should stay aware and update as soon as possible.
Click to expand...
 
Last edited:
You must log in or register to reply here.

Similar threads

Porthos
Dell SupportAssist Bug Exposes Business, Home PCs to Attacks
Replies
10
Views
1K
britechguy
britechguy
phaZed
Apple most insecure system by virtue of marketing and denial
Replies
0
Views
2K
phaZed
phaZed
Slaters Kustum Machines
Kaspersky PM 5.0.0.164 - Software Filter Vulnerability
Replies
1
Views
2K
ArtemusComputerTechnology
ArtemusComputerTechnology
Back
Top