Attention! Critical vulnerability in all versions of Joomla 1.5, 2.5,3 (CVE-2015-8562)

Blog Categories

Basket of services

Company news

Thursday, 24 December 2015: Merry Christmas and Happy New Year!
Monday, 20 April 2015: Accepting payments through payment system Webmoney and Z-Payment restored
Saturday, 18 April 2015: Unavailable accepting payments via Webmoney and Z-Payment
Thursday, 05 March 2015: To order new services are available - DNS hosting and secondary DNS server
Wednesday, 25 February 2015: Added new ways to pay for services

Recent blog posts

Attention! Critical vulnerability in all versions of Joomla 1.5, 2.5,3 (CVE-2015-8562)

Tuesday, 15 December 2015 10:42

A few days ago in all versions of Joomla (1.5, 2.5, 3) found critical (0-day) vulnerability that allows an attacker to successfully attack the sites running Joomla absolutely all versions of the Exploitation of the vulnerability of RCE ("remote code execution") and, as a result, to gain complete control over the site. The attack is made possible due to insufficient filtering of variables in the HTTP request (the field HTTP_USER_AGENT, HTTP_X_FORWARDED_FOR, REMOTE_ADDR) and their subsequent use in the session object, and query a database.

Yesterday was released the patch for all versions of Joomla.

We strongly recommend that as soon as possible to update your site to close the vulnerability.

However, we want to note that you can only upgrade to Joomla version 3.x, since version 1.5 and 2.5 are no longer supported. But the community lined with patches covering these vulnerabilities for these versions. You can download them to a specific page.

If you need help - do not hesitate to contact our support.

Tagged under:

Read: 8716 times