Attention! Critical vulnerability in all versions of Joomla 1.5, 2.5,3 (CVE-2015-8562)

Tuesday, 15 December 2015 10:42

A few days ago in all versions of Joomla (1.5, 2.5, 3) found critical (0-day) vulnerability that allows an attacker to successfully attack the sites running Joomla absolutely all versions of the Exploitation of the vulnerability of RCE ("remote code execution") and, as a result, to gain complete control over the site. The attack is made possible due to insufficient filtering of variables in the HTTP request (the field HTTP_USER_AGENT, HTTP_X_FORWARDED_FOR, REMOTE_ADDR) and their subsequent use in the session object, and query a database.

Yesterday was released the patch for all versions of Joomla.

We strongly recommend that as soon as possible to update your site to close the vulnerability.

However, we want to note that you can only upgrade to Joomla version 3.x, since version 1.5 and 2.5 are no longer supported. But the community lined with patches covering these vulnerabilities for these versions. You can download them to a specific page.

If you need help - do not hesitate to contact our support.

Leave a comment

  • Payment
  • visa
  • mastercard
  • qiwi
  • webmoney
  • yandex money
  • sberbank
  • mts bank
  • zpayment
  • liqpay
  • alfabank white
Copyright © 2012 - 2024 WebPatron Ltd. All rights reserved.