3aIT Blog

A fix for a nasty vulnerability in the Joomla content management system (CMS) has now been released. Joomla provides the backend for many of the world's websites (including several of our own).

While security updates are a routine occurrence for most software, this particular flaw was deemed of critical importance to patch. It was so severe, in fact, that the Joomla developers announced the fix's availability in advance to give website administrators time to plan the application of the fix when it was released.

The flaw affects all websites running Joomla 3.2 to 3.4.4. It allows a remote third party to hijack the session of a logged-in administrator, which then allows full access to change the site. For a full breakdown of the compromise, click here.

Needless to say, we strongly advise anyone running Joomla to apply this update as soon as possible. We have already applied this update for those clients that have one of our CMS maintenance contracts. If you have a Joomla site that you're not sure how to update, you may wish to consider one of these contracts to ensure that your website is not at risk of attack.