Critical Vulnerability in Joomla 2.5 - 3.3x (CVE-2014-7228)

Wednesday, 01 April 2015 21:53

On September 30, 2014, a vulnerability in software from the company Akeeba became known. The vulnerability allows a shell to be uploaded remotely, without any rights on the system. Affected are Akeeba's own products (Akeeba Backup, Akeeba Solo, Akeeba CMS Update, Akeeba Admin Tools) and, WARNING, all versions of Joomla 2.5 up to version 2.5.27 and Joomla 3 up to version 3.3.5.

The reason is that the standard Joomla update component uses scripts from Akeeba. Both Akeeba and Joomla released updates that close this vulnerability, but they did not consider it critical, so many people did not pay much attention to it.

Indeed, an attacker can exploit this vulnerability only while you are making a backup copy of your site or upgrading the site. That is, the window is only a few seconds, and the attacker must still somehow learn when it occurs.

How this works:

The error that allows the attack is in the file restore.php, which in Joomla is located at administrator/components/com_joomlaupdate/restore.php. During an upgrade, for example, a temporary file named restoration.php is created next to it and is automatically deleted when the update completes. While restoration.php exists, an attacker can send a special request to restore.php and upload anything to your site. There is very little time, as the update takes a few seconds. That is why the vulnerability was not given much importance.

But there is one big BUT. If an error occurs during the update (which is quite often the case), restoration.php is not deleted and remains next to restore.php. Your site is then wide open, and an attacker can upload a shell at any time.

To fix the vulnerability, it is enough to update Joomla and the Akeeba components to the latest version. Before you upgrade, we recommend that you look in the folder administrator/components/com_joomlaupdate/ and check whether a file restoration.php is there. If it is, then it is possible that your site is already hacked.

If the update cannot be performed for some reason, it is enough to replace the file restore.php with the new version in which the vulnerability is closed. You can download this file here.
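The check recommended above can be scripted for servers that host many sites. The following is an added example, not part of the original advisory: the function name `check_restoration`, the `STALE_MINUTES` threshold and the listing of PHP files modified after the leftover file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): locate leftover restoration.php files.
# Usage: sh check_restoration.sh /var/www [more web roots...]
UPDATE_DIR='administrator/components/com_joomlaupdate'   # path named in the advisory
STALE_MINUTES=${STALE_MINUTES:-10}   # assumption: a normal update finishes sooner

# Prints "STALE <file>" or "RECENT <file>" for every restoration.php found, then
# "NEWER <file>" for each PHP file in that site modified after it.
# Returns 1 if any restoration.php was found, 0 otherwise.
check_restoration() {
    rc=0
    tmp=$(mktemp) || return 2
    for root in "$@"; do
        find "$root" -type f -path "*/$UPDATE_DIR/restoration.php" 2>/dev/null >"$tmp"
        while IFS= read -r f; do
            rc=1
            site=${f%/"$UPDATE_DIR"/restoration.php}
            # Older than the threshold: the update is no longer running, so the
            # file was left behind by a failed run (-mmin: GNU/BSD find).
            if [ -n "$(find "$f" -mmin +"$STALE_MINUTES" 2>/dev/null)" ]; then
                echo "STALE $f"
            else
                echo "RECENT $f"
            fi
            # PHP files changed after restoration.php appeared: review these
            # first (a running update also produces such files).
            find "$site" -type f -name '*.php' -newer "$f" 2>/dev/null | sed 's/^/NEWER /'
        done <"$tmp"
    done
    rm -f "$tmp"
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    check_restoration "$@"
fi
```

A `STALE` line means the file outlived its update and should be removed after the site has been reviewed; the `NEWER` lines are only a starting point for that review, since legitimate edits appear there too.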

If you need help, you can always contact our specialists.

Copyright © 2012 - 2024 WebPatron Ltd. All rights reserved.