Millions of websites at risk, as Joomla high level security flaw discovered. Update now

Graham CLULEY

December 14, 2016

If you’re running a website of any size there is a good chance that you are using a content management system (CMS).

A CMS is the piece of software which manages all of the content on your website, ensuring that visitors get to see the webpage and images that they’re expecting to see. As such, for many websites, a CMS is an essential part of how they manage to deliver content to their website’s visitors.

The CMS with the largest market share by far (over 50%) is WordPress – the platform which Hot for Security is running on – but next in line are Joomla and Drupal.

Although in second place, the free, open-source Joomla CMS software still powers millions of websites around the world.

Indeed, the tagline the software uses to promote itself is “Joomla! The CMS Trusted By Millions for their Websites.”

As a result of its popularity, it’s essential that website administrators keep Joomla updated and patched to help prevent hackers from exploiting security holes.

Version 3.6.5 of Joomla has just been released, addressing security issues and fixing some bugs.

The most important issue that Joomla 3.6.5 addresses is an elevated privileges flaw in all versions of Joomla from 1.6.0 – 3.6.4, which could allow a malicious attacker to modify existing user accounts, including resetting usernames, user group assignments and (gulp!) passwords.

The implication is that an attacker could even create a brand new account on the site they are targeting, and then escalate its privileges to give it ‘god-like’ abilities on the site, and upload a remote shell to further compromise the server.

With a vulnerability as bad as that, it’s easy to understand why Joomla is telling users to update their websites as soon as possible.

In fact, the chances are that malicious attackers are already searching the net looking for vulnerable sites.

The worry is, of course, that some websites may never be updated – making easy pickings for malicious attackers.

If you run a website powered by Joomla, please take security seriously. Reduce the risk of your site being compromised by updating to the latest version of your CMS, and ensuring that you keep a close eye in the future on emerging security issues.
