Sign in / up

back to article Joomla patches critical core shop-pwning flaw

Popular content management system (CMS) Joomla has pushed three patches, including a critical fix for SQL injection vulnerabilities that allow attackers to become admins on most customer websites. The team issued fix 3.4.5 addressing the SQLi vulnerabilities (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858) which exist in version …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. BenBell

    Ah Damnit, I've got 2 Joomla shops active at the minute... Time to get patching (again!). Normally I check for updates at the beginning of every month, but time to make an exception.

    0 0 Reply
    1. Random K
      Reply Icon

      Also,

      You should really consider subscribing to the Joomla security news feed here: http://feeds.joomla.org/JoomlaSecurityNews. Beats checking randomly or waiting for something bad enough to warrant an article somewhere. Why this isn't easier to find on their site is beyond me.

      3 0 Reply
    2. nedge2k
      Reply Icon

      You really shouldn't be running two online shops with practices like that. You're begging to be hacked. I hope to god you at least re-located the admin logins and moved the config out of the web root when you set the sites up (unless of course recent Joomlas do that for you - not used it since 1.5x)

      0 0 Reply
  2. Your alien overlord - fear me

    So the tat baazar gives away Paypal and is now wide open to misuse. Coincidence?

    0 0 Reply
    1. nedge2k
      Reply Icon

      eBay itself doesn't run on Joomla - just an internal project of theirs.

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like