The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticated SQL injection in the com_contenthistory module (included by default) that allows for a full takeover of the vulnerable site.
The security issue was classified as high in severity.
Joomla released the patch last week, but many Joomla sites haven’t been patched and are being exploited. Joomla does have updates that are somewhat automated, but they still require the user to start the update process; it isn’t done automatically the way WordPress does it.
They did make the unusual move of preannouncing that a patch would be imminent, which meant some site owners were ready to install the patch when it was released. But it also took only 4 hours from the time Joomla released the patch to when sites started to be hit by hackers exploiting the SQL injection vulnerability.
Joomla users should update their sites immediately, and if they have been hacked – which sounds likely – they have a list of steps to follow to clean the exploit.