Joomla Critical Zero-Day Vulnerability (RCE)

posted by Farhan Mirajkar on December 20, 2015

Joomla Vulnerability

A recent exploit has been brought to our attention that affects all Joomla users. This remote command execution vulnerability takes advantage of a security hole affecting all versions of Joomla between 1.5 and 3.4.5. We highly recommend updating your Joomla installation using the most recent patch.

What is a zero-day vulnerability?
A zero-day vulnerability is a security hole that has been found before the developer is made aware of it. Hackers may exploit these security holes using malware or spyware to infiltrate personal data, force out spam, or redirect traffic from the intended web address. The main issue with these types of vulnerabilities is that the developers then need to race to implement a fix before users are negatively impacted by malicious content.

How does this affect Joomla users?
This exploit allows people who would otherwise be unable to access your hosting platform to run commands from a remote location to perform potentially malicious tasks from your hosting account. Though we do have many defences in place to ensure this doesn’t get out of hand and affect other customers, it is essential that clients running Joomla update their installation to eliminate the risk of their website becoming compromised.

If you are a Joomla user and have not yet updated your installation, we ask that you check your logs as soon as possible. In particular, look for requests from 146.0.72.83, 74.3.170.33, or 194.28.174.106, as these IP addresses are known to be using the exploit (source: Sucuri.net). If you do find them within your logs, consider your Joomla site compromised and contact your developer to have them help resolve this issue as soon as possible.
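
One way to run the log check described above, as an added example that is not part of the original post. It assumes the access log uses the Apache/Nginx "combined" format with the client address as the first field; the sample lines and the `find_suspect_requests` helper are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# IP addresses the post names as known to be using the exploit.
SUSPECT_IPS = {"146.0.72.83", "74.3.170.33", "194.28.174.106"}

# Assumption: Apache/Nginx "combined" format, client address as first field.
DETAIL_RE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) '
)

def find_suspect_requests(lines):
    """Map each suspect client IP to its (time, request, status) entries."""
    hits = defaultdict(list)
    for line in lines:
        # Compare the client field exactly; a substring search would also
        # flag lines that merely mention one of the addresses in a URL.
        client = line.split(" ", 1)[0]
        if client not in SUSPECT_IPS:
            continue
        m = DETAIL_RE.match(line)
        if m:
            hits[client].append((m["time"], m["request"], int(m["status"])))
        else:
            # Keep unparseable lines rather than silently dropping a hit.
            hits[client].append((None, line.strip(), None))
    return dict(hits)

# Constructed sample lines (not real traffic); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '146.0.72.83 - - [15/Dec/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 9001 "-" "sample"',
    '203.0.113.10 - - [15/Dec/2015:10:00:05 +0000] "GET /search?q=74.3.170.33 HTTP/1.1" 200 812 "-" "sample"',
    '194.28.174.106 - - [15/Dec/2015:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 9001 "-" "sample"',
    '198.51.100.7 - - [15/Dec/2015:10:03:00 +0000] "GET /contact HTTP/1.1" 200 5123 "-" "sample"',
    '146.0.72.83 - - [15/Dec/2015:10:04:30 +0000] "GET /index.php HTTP/1.1" 200 9001 "-" "sample"',
]

if __name__ == "__main__":
    # Pass a log path as the first argument, or run on the sample above.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for ip, entries in sorted(find_suspect_requests(source).items()):
        print(f"{ip}: {len(entries)} request(s)")
        for when, request, status in entries:
            print(f"  {when}  {status}  {request}")
```

If the site sits behind a reverse proxy or CDN, the first field is the proxy's address, so the check has to be pointed at whichever field records the forwarded client address.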
