Critical 0-day Remote Command Execution Vulnerability in Joomla

The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4.

This is a serious vulnerability that can be easily exploited and is already in the wild. If you are using Joomla, you have to update it right now.

Update – 2015/12/14, 17:15PM EST: If you are using the old (unsupported) versions 1.5.x and 2.5.x, you have to apply the hotfixes from here. This article from OSTraining explains how to apply them.

Zero day Exploits in the Wild

What is very concerning is that this vulnerability is already being exploited in the wild and has been for the last 2 days. Repeat: This has been in the wild as a 0-day for 2 days before there was a patch available.

Looking back at our logs, we detected the first exploit targeting this vulnerability on Dec 12, at 4:49PM:

Read the whole article below:
https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html
