The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote, unauthenticated SQL injection in the com_contenthistory module (included by default) that allows a full takeover of the vulnerable site.
The security issue was classified as high in severity.
Joomla released the patch last week, but many Joomla sites haven’t been patched and are being exploited. Joomla does have updates that are somewhat automated, but they still require the user to start the update process; it isn’t done automatically, as it is with WordPress.
They did make the unusual move of preannouncing that a patch was imminent, which meant some site owners were ready to install the patch when it was released. But it also took only 4 hours from the time Joomla released the patch to when sites started to be hit by hackers exploiting the SQL injection vulnerability.
Joomla users should update their sites immediately, and if they have been hacked – which sounds likely – there is a list of steps to follow to clean up the exploit.