
Major Joomla Security Issue, Patch Required to Prevent SQL Injection

A major vulnerability is being exploited on sites running the Joomla CMS, and it appears that many sites have yet to be updated to close it.

The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticated SQL injection on the com_contenthistory module (included by default) that allows for a full takeover of the vulnerable site.

The security issue was classified as high in severity.

Joomla released the patch last week, but many Joomla sites haven’t been patched and are being exploited. Joomla does have updates that are somewhat automated, but they still require the user to start the update process; it isn’t done automatically as it is with WordPress.

The Joomla team did make the unusual move of preannouncing that a patch was imminent, which meant some site owners were ready to install the patch when it was released. But it also took only 4 hours from the time Joomla released the patch to when sites started to be hit by hackers exploiting the SQL injection vulnerability.

Joomla users should update their sites immediately, and if they have been hacked – which sounds likely – there is a list of steps to follow to clean the exploit.


Jennifer Slegg

Founder & Editor at The SEM Post
Jennifer Slegg is a longtime speaker and expert in search engine marketing, working in the industry for almost 20 years. When she isn't sitting at her desk writing and working, she can be found grabbing a latte at her local Starbucks or planning her next trip to Disneyland. She regularly speaks at Pubcon, SMX, State of Search, Brighton SEO and more, and has been presenting at conferences for over a decade.