Computer Emergency Response Team of Mauritius (CERT-MU)

Attackers Targeting Unpatched Joomla Sites Through SQL Injection Vulnerability


Following the disclosure of a critical SQL injection vulnerability in Joomla, attacks are being carried out against sites running old, unpatched versions of the content management system. Security experts warned that the vulnerability would make it easy for an attacker to gain full control of a website and execute additional attacks. Four hours after the disclosure from both Joomla and Trustwave, attackers began narrowing their sights on two popular Joomla sites. Two scans were found to be deployed. When the attackers discovered a website running an older, vulnerable version, they leveraged the exploit and ran a payload to extract the user’s session. The vulnerability existed in versions 3.2 to 3.4.4 of the CMS. Website administrators are advised to apply the updates to protect vulnerable systems from attack.
 
Net Security
 
Threatpost
 
IT Security News
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis