
Millions of sites running the Joomla CMS can be hacked, with the attacker gaining administrative access to the compromised site. This is a consequence of a vulnerability in Joomla that was fixed only last week (and, of course, not every site has been updated to receive the fix). Joomla currently powers about 2.8 million sites.
The SQL injection vulnerability was fixed last week with the release of Joomla 3.4.5. It allowed an attacker to execute malicious code on a server running the Joomla CMS; the vulnerability was first discovered in November 2013, and it has only now been closed.
“Since the vulnerability was discovered in a core module, the attacker did not need to search for any modules or extensions to use it. The problem was in the “clean” CMS, and it was (and still is) relevant for millions of sites, from Joomla 3.2 and newer versions,” wrote Asaf Orpani, an information security specialist, in his blog. The vulnerability itself was catalogued under the identifiers CVE-2015-7297, CVE-2015-7857 and CVE-2015-7858.
SQL injection is one of the most common ways of attacking websites and programs that work with databases: arbitrary SQL code is introduced into a query through the data the application accepts. Depending on the type of DBMS used and the deployment conditions, SQL injection may let an attacker run arbitrary database queries (for example, read the contents of any table, or delete, modify or add data), read and/or write local files, and execute arbitrary commands on the attacked server.
An SQL injection attack becomes possible when input data that ends up in SQL queries is processed incorrectly.
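An added example (not from the original article and not Joomla's own code) of the pattern just described: a session-cookie lookup that concatenates the cookie value into the SQL text, beside the parameterized form and a format check a defender would add in front of it. The table, rows and column names are constructed for the illustration.

```python
import re
import sqlite3

# Constructed in-memory table, loosely modelled on a CMS session store
# (not Joomla's real schema): a session id maps to a user and an admin flag.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE session (session_id TEXT, user_id INTEGER, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO session VALUES (?, ?, ?)",
        [("a1b2c3", 7, 0), ("ffee00", 1, 1)],  # constructed sample rows
    )
    conn.commit()
    return conn

def lookup_session_vulnerable(conn: sqlite3.Connection, session_id: str) -> list:
    """Builds the query by string formatting: a quote character in the cookie
    value changes the SQL the database parses, so the WHERE clause can be
    rewritten by whoever controls the cookie."""
    sql = f"SELECT user_id, is_admin FROM session WHERE session_id = '{session_id}'"
    return conn.execute(sql).fetchall()

def lookup_session_hardened(conn: sqlite3.Connection, session_id: str) -> list:
    """Passes the cookie value as a bound parameter: the driver hands it to the
    database as data, so it is compared literally and never parsed as SQL."""
    sql = "SELECT user_id, is_admin FROM session WHERE session_id = ?"
    return conn.execute(sql, (session_id,)).fetchall()

def is_well_formed_session_id(session_id: str) -> bool:
    """Defence in depth: a session id in this constructed scheme is lowercase
    hex, 6 to 64 characters; anything else is rejected before any query runs."""
    return re.fullmatch(r"[0-9a-f]{6,64}", session_id) is not None

if __name__ == "__main__":
    conn = build_db()
    benign = "a1b2c3"
    hostile = "x' OR is_admin = 1 --"  # constructed test input containing a quote
    for cookie in (benign, hostile):
        print(repr(cookie), "well-formed:", is_well_formed_session_id(cookie))
        print("  concatenated:", lookup_session_vulnerable(conn, cookie))
        print("  parameterized:", lookup_session_hardened(conn, cookie))
```

With the hostile input the concatenated query returns the administrator's row while the parameterized one returns nothing, which is exactly the difference between the two query-building styles.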
The bug discovered by Orpani allows an attacker to open a session in a browser using an “admin” cookie. The attacker can use the vulnerability to retrieve the cookie and load it into his own browser. After that, the attacker becomes a full administrator, with access to restricted directories on the server.
Exploit code for the vulnerability has been added to the Metasploit framework.
If your Joomla installation has not yet been updated, the CMS should be updated as soon as possible.