Unpatched Joomla! vulnerabilities

Follow

Summary

Joomla! has had many security problems of various levels of importance reported over its lifetime.  Our scanners have detected one of the more serious vulnerabilities.  These vulnerabilities are typically addressed by simply updating your Joomla! installation and plugins to more recent versions.

If you need specific details for the vulnerabilities that our scanners have detected, please ask on your support ticket.

Impact

The impact will depend on the specific Joomla! vulnerability detected in your website.  In some cases, the vulnerability can be used to compromise your website; e.g. vandalize it or steal information such as user details.  In other cases, it can be used to attack the users of your site; e.g. to trick unsuspecting users into revealing passwords, and other information that could be used for identity theft.

Solution

We recommend the following approach:

  • Find out what version of Joomla! your site is currently running.
  • Go to the Joomla! Security Announcements feed
  • Read through the recent announcements, and identify an appropriate version that 1) is newer than your current one, and 2) doesn't also have vulnerabilities. Generally speaking, this will be the latest Joomla! version listed as a "Solution".
  • Upgrade by following standard Joomla! upgrade procedures.  This includes checking plugin compatibility, and if necessary upgrading or replacing insecure plugins / plugin functionality.
  • Subscribe to a Joomla! security channel to get notifications of vulnerabilities as soon as they become known.

For more information on Joomla! Security issues, we recommend that you consult the Joomla! Security resources.

Have more questions? Submit a request

Comments

Powered by Zendesk