Trustwave SpiderLabs have announced a critical SQL injection vulnerability that affects all Joomla website installations running versions 3.2 through 3.4.4. The vulnerability allows an attacker to gain full administrative access to an affected Joomla website.

Joomla patched this in last week's release of Joomla 3.4.5; however, far from everyone has updated their websites, and I wanted to take a moment to express just how important it is. If you think your website is too small to be attacked – you're wrong. Sucuri reported 12,000 exploitation attempts as of this Monday – a number that is steadily growing.

Make sure your website is running the latest install of Joomla 3.4.5. If for some reason you absolutely MUST delay the update – log out of all your administrative accounts. This vulnerability relies on an admin account being logged into the system – so remaining logged out will, in a way, help secure your website. For now.

Published by Michael Boguslavskiy

Michael Boguslavskiy is a full-stack developer & online presence consultant based out of New York City. He's been offering freelance marketing & development services for over a decade. He currently manages Rapid Purple, an online webmaster resources center, and Media Explode, a full-service marketing agency.
