Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access

Market admins are advised to upgrade to version 3.4.5 if their backend uses Joomla.

Details here: https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/

Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS). Combining that vulnerability with other security weaknesses, our Trustwave SpiderLabs researchers are able to gain full administrative access to any vulnerable Joomla site.


Comments


[1 Points] None:

If market admins wait to see new vulnerabilities posted on /r/DNM before they patch, they are almost certainly hacked already.