Menu
Joomla releases patch for serious SQLi flaw

Joomla releases patch for serious SQLi flaw

The secure version is 3.4.5

Joomla, a popular content management system, released patches on Thursday for a vulnerability that can allow an attacker to get full administrative access to a website.

Joomla versions 3.2 through 3.4.4 are vulnerable, and the latest version is 3.4.5.

The SQL injection flaw was found by Asaf Orphani, a researcher with Trustwave's SpiderLabs, and Netanel Rubin of PerimeterX.

SQL injection flaws occur when a backend database executes a malicious query when it shouldn't. The type of vulnerability is one of the most prevalent ones within web applications.

In the case of Joomla, Orpani found he could extract a session ID for Joomla's database.

"By pasting the session ID we've extracted -- that of an administrator in this case -- to the cookie section in the request to access the /administrator/ folder, we're granted administrator privileges and access to the administrator Control Panel," he wrote in a blog post.

Since Joomla can also accommodate shopping cart such as VirtueMart, e-commerce sites are also vulnerable to being exploited, Orphani wrote.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments