Trustwave SpiderLabs has announced a critical SQL injection vulnerability that affects all Joomla website installations running versions 3.2 through 3.4.4. The vulnerability allows an attacker to gain full administrative access to an affected Joomla website.
Joomla patched this in last week’s release of Joomla 3.4.5; however, far from everyone has updated their websites, and I wanted to take a moment to express just how important it is. If you think your website is too small to be attacked – you’re wrong. Sucuri reported 12,000 exploitation attempts as of this Monday – a number that is steadily growing.
Make sure your website is running the latest release, Joomla 3.4.5. If for some reason you absolutely MUST delay the update – log out of all your administrative accounts. This vulnerability relies on an admin account being logged into the system – so remaining logged out will, in a way, help secure your website. For now.
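If you look after more than one site, the check can be scripted. The following is an added example, not part of the original post or of Joomla itself: it walks a web root, reads each installation's version and flags anything in the 3.2 through 3.4.4 range. It assumes the version is stored in `administrator/manifests/files/joomla.xml`; the function names and the sample tree are made up for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption of this example: Joomla 3.x keeps its core version in this manifest.
MANIFEST = "administrator/manifests/files/joomla.xml"
AFFECTED_MIN, AFFECTED_MAX = (3, 2, 0), (3, 4, 4)  # range stated in the post


def parse_version(text):
    """Turn '3.4.4' or '3.4.4-rc1' into (3, 4, 4); None if unparseable."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(p or 0) for p in m.groups()) if m else None


def is_affected(version):
    """True when the version lies in the affected range, bounds included."""
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX


def audit(web_root):
    """Map each Joomla site directory under web_root to (version, status)."""
    report = {}
    for manifest in sorted(Path(web_root).rglob(MANIFEST)):
        site = manifest.parents[3]  # strip administrator/manifests/files/joomla.xml
        try:
            root = ET.parse(str(manifest)).getroot()
            version = parse_version(root.findtext("version"))
        except (OSError, ET.ParseError):
            version = None  # unreadable or damaged manifest
        if version is None:
            status = "UNKNOWN: check by hand"
        elif is_affected(version):
            status = "AFFECTED: update to 3.4.5"
        else:
            status = "outside affected range"
        report[str(site)] = (version, status)
    return report


if __name__ == "__main__":
    # Constructed sample tree so the example runs offline; pass a real web root instead.
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in [("shop", "3.4.4"), ("blog", "3.4.5"), ("old", "3.2.0")]:
            d = Path(tmp, name, "administrator/manifests/files")
            d.mkdir(parents=True)
            (d / "joomla.xml").write_text(f"<extension><version>{ver}</version></extension>")
        for site, (version, status) in audit(tmp).items():
            print(site, version, status)
```

A site reported as "outside affected range" may still be running an old release with other problems; the script only answers the question this post raises.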