Joomla Remote Code Execution Vulnerability Fixed

The Joomla team just released a new Joomla version 3.4.6 to fix serious vulnerability, i.e. remote code execution.

Directly from the Joomla announcement:

Browser information is not filtered properly while saving the session values into the database what leads to a Remote Code Execution vulnerability. Joomla CMS versions 1.5.0 through 3.4.5 are vulnerable to remote code execution

I strongly recommend to Upgrade to Joomla version 3.4.6. The Unofficial fixes for Joomla! 1.5.x and 2.5.x will be provided here.

The Joomla team have not released the technical details yet. We will update you with the technical details as soon as they are available.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.