Number: IRCNE2015102665
Date: 2015/10/25
According to “computerworlduk”, Joomla, a popular content management system, released patches on Thursday for a vulnerability that can allow an attacker to get full administrative access to a website.
Joomla versions 3.2 through 3.4.4 are vulnerable, and the latest version is 3.4.5.
The SQL injection flaw was found by Asaf Orphani, a researcher with Trustwave's SpiderLabs, and Netanel Rubin of PerimeterX.
SQL injection flaws occur when a backend database executes a malicious query when it shouldn't. The type of vulnerability is one of the most prevalent ones within web applications.
In the case of Joomla, Orpani found he could extract a session ID for Joomla's database.
Since Joomla can also accommodate shopping cart such as VirtueMart, e-commerce sites are also vulnerable to being exploited, Orphani wrote.
- 13