Joomla Remote Code Execution Vulnerability Fixed


December 14, 2015

The Joomla team has just released Joomla version 3.4.6 to fix a serious remote code execution vulnerability.

Directly from the Joomla announcement:

Browser information is not filtered properly while saving the session values into the database, which leads to a Remote Code Execution vulnerability. Joomla CMS versions 1.5.0 through 3.4.5 are vulnerable to remote code execution.

I strongly recommend upgrading to Joomla version 3.4.6. Unofficial fixes for Joomla! 1.5.x and 2.5.x will be provided here.

The Joomla team have not released the technical details yet. We will update you with the technical details as soon as they are available.

 
