Tag Archive for: Joomla

For eight years, hackers have been able to exploit this password-stealing flaw in Joomla

For the last eight years a critical vulnerability has lurked within the code of the Joomla CMS which could have allowed malicious hackers to steal every user’s login credentials – including those belonging to administrators.

Read more in my article on the Hot for Security blog.

Graham Cluley

Joomla bug puts millions of websites at risk of remote takeover hacks

Here’s the control panel hackers can access by exploiting a just-patched Joomla vulnerability. (credit: Spiderlabs)

Millions of websites used in e-commerce and other sensitive industries are vulnerable to remote take-over hacks made possible by a critical vulnerability that has affected the Joomla content management system for almost two years.

The SQL-injection vulnerability was patched by Joomla on Thursday with the release of version 3.4.5. The vulnerability, which allows attackers to execute malicious code on servers running Joomla, was first introduced in version 3.2 released in early November 2013. Joomla is used by an estimated 2.8 million websites.

“Because the vulnerability is found in a core module that doesn’t require any extensions, all websites that use Joomla versions 3.2 and above are vulnerable,” Asaf Orpani, a researcher inside Trustwave’s Spiderlabs, wrote in a blog post. The vulnerability, and two closely related security flaws, have been cataloged as CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858.

Ars Technica » Technology Lab