Millions of websites at risk, as Joomla high level security flaw discovered. Update now

Graham CLULEY

December 14, 2016


If you’re running a website of any size there is a good chance that you are using a content management system (CMS).

A CMS is the piece of software which manages all of the content on your website, ensuring that visitors get to see the webpages and images that they’re expecting to see. As such, for many websites, a CMS is an essential part of how they deliver content to their visitors.

The CMS with the largest market share by far (over 50%) is WordPress – the platform which Hot for Security is running on – but next in line are Joomla and Drupal.

Although in second place, the free, open-source Joomla CMS software still powers millions of websites around the world.

Indeed, the tagline the software uses to promote itself is “Joomla! The CMS Trusted By Millions for their Websites.”


As a result of its popularity, it’s essential that website administrators keep Joomla updated and patched to help prevent hackers from exploiting security holes.

Version 3.6.5 of Joomla has just been released, addressing security issues and fixing some bugs.

The most important issue that Joomla 3.6.5 addresses is an elevated privileges flaw in all versions of Joomla from 1.6.0 to 3.6.4, which could allow a malicious attacker to modify existing user accounts, including resetting usernames, user group assignments and (gulp!) passwords.

The implication is that an attacker could even create a brand new account on the site they are targeting, and then escalate its privileges to give it ‘god-like’ abilities on the site, and upload a remote shell to further compromise the server.

With a vulnerability as bad as that, it’s easy to understand why Joomla is telling users to update their websites as soon as possible.
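For administrators who look after more than one site, the first practical step is an inventory: which installs fall inside the affected 1.6.0 to 3.6.4 range, and which already run 3.6.5. The script below is an added example written for this article, not code from Joomla or from the author. It assumes Joomla's version class declares `RELEASE` and `DEV_LEVEL` (as class constants in 3.x, as public properties in 1.6 to 2.5) and lives at `libraries/cms/version/version.php` or `libraries/joomla/version.php`; both the file paths and the sample file contents are constructed here for the demo.

```python
"""Audit Joomla installs against the 1.6.0 - 3.6.4 affected range (example, not Joomla code)."""
from __future__ import annotations

import re
from pathlib import Path

# Affected range named in the article: Joomla 1.6.0 through 3.6.4 inclusive; 3.6.5 fixes it.
AFFECTED_MIN = (1, 6, 0)
AFFECTED_MAX = (3, 6, 4)

# ASSUMPTION: Joomla's version class declares RELEASE ('3.6') and DEV_LEVEL ('4');
# 3.x uses class constants, 1.6 - 2.5 used public properties. Both forms are matched.
_FIELD = re.compile(
    r"(?:const\s+|public\s+\$)(RELEASE|DEV_LEVEL)\s*=\s*['\"]([0-9.]+)['\"]"
)

# ASSUMPTION: candidate locations of that class relative to a site root.
VERSION_FILE_CANDIDATES = (
    "libraries/cms/version/version.php",   # Joomla 3.x
    "libraries/joomla/version.php",        # Joomla 1.6 - 2.5
)


def parse_version(php_source: str) -> tuple[int, ...]:
    """Return (major, minor, patch) from the text of a Joomla version file."""
    fields = dict(_FIELD.findall(php_source))
    if "RELEASE" not in fields or "DEV_LEVEL" not in fields:
        raise ValueError("RELEASE/DEV_LEVEL not found; not a Joomla version file?")
    release = [int(p) for p in fields["RELEASE"].split(".")]
    return tuple(release + [int(fields["DEV_LEVEL"])])


def is_affected(version: tuple[int, ...]) -> bool:
    """True if the version lies inside the affected range (tuple comparison is lexicographic)."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def audit(version_files: dict[str, str]) -> dict[str, str]:
    """Map each site's version-file path to a verdict: VULNERABLE, NOT_AFFECTED or UNKNOWN."""
    verdicts: dict[str, str] = {}
    for path, source in version_files.items():
        try:
            version = parse_version(source)
        except ValueError as exc:
            verdicts[path] = f"UNKNOWN ({exc})"   # unparseable file: inspect by hand
            continue
        label = ".".join(map(str, version))
        verdicts[path] = f"VULNERABLE {label}" if is_affected(version) else f"NOT_AFFECTED {label}"
    return verdicts


def collect_version_files(roots) -> dict[str, str]:
    """Read version files from real site roots on disk (for use outside the demo)."""
    found: dict[str, str] = {}
    for root in roots:
        for rel in VERSION_FILE_CANDIDATES:
            candidate = Path(root) / rel
            if candidate.is_file():
                found[str(candidate)] = candidate.read_text(errors="replace")
    return found


# Constructed sample inputs standing in for four site installs (not real files).
SAMPLE_VERSION_FILES = {
    "/var/www/site-a/libraries/cms/version/version.php":
        "<?php\nfinal class JVersion\n{\n\tconst RELEASE = '3.6';\n\tconst DEV_LEVEL = '4';\n}\n",
    "/var/www/site-b/libraries/cms/version/version.php":
        "<?php\nfinal class JVersion\n{\n\tconst RELEASE = '3.6';\n\tconst DEV_LEVEL = '5';\n}\n",
    "/var/www/site-c/libraries/joomla/version.php":
        "<?php\nclass JVersion\n{\n\tpublic $RELEASE = '2.5';\n\tpublic $DEV_LEVEL = '28';\n}\n",
    "/var/www/site-d/libraries/joomla/version.php":
        "<?php\nclass JVersion\n{\n\tpublic $RELEASE = '1.5';\n\tpublic $DEV_LEVEL = '26';\n}\n",
}

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_VERSION_FILES).items():
        print(f"{verdict:<22} {path}")
```

`NOT_AFFECTED` only means the version is outside the range the article names; site-d's 1.5.x install is outside that range but long out of support, so a real inventory should treat anything below the current release as needing attention, not just the flagged ones. To run against real installs, replace `SAMPLE_VERSION_FILES` with `collect_version_files(["/var/www/site-a", ...])`.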

In fact, the chances are that malicious attackers are already searching the net looking for vulnerable sites.


The worry is, of course, that some websites may never be updated – making easy picking for malicious attackers.

If you run a website powered by Joomla, please take security seriously. Reduce the risk of your site being compromised by updating to the latest version of your CMS, and ensuring that you keep a close eye in the future on emerging security issues.
