back to article Joomla patches critical core shop-pwning flaw

Popular content management system (CMS) Joomla has pushed three patches, including a critical fix for SQL injection vulnerabilities that allow attackers to become admins on most customer websites. The team issued fix 3.4.5 addressing the SQLi vulnerabilities (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858) which exist in version …

  1. BenBell

    Ah Damnit, I've got 2 Joomla shops active at the minute... Time to get patching (again!). Normally I check for updates at the beginning of every month, but time to make an exception.

    1. Random K

      Also,

      You should really consider subscribing to the Joomla security news feed here: http://feeds.joomla.org/JoomlaSecurityNews. Beats checking randomly or waiting for something bad enough to warrant an article somewhere. Why this isn't easier to find on their site is beyond me.

    2. nedge2k

      You really shouldn't be running two online shops with practices like that. You're begging to be hacked. I hope to god you at least re-located the admin logins and moved the config out of the web root when you set the sites up (unless of course recent Joomlas do that for you - not used it since 1.5x)

  2. Your alien overlord - fear me

    So the tat baazar gives away Paypal and is now wide open to misuse. Coincidence?

    1. nedge2k

      eBay itself doesn't run on Joomla - just an internal project of theirs.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021