id2957383castle538722100600887orig
Security

Joomla patches critical remote execution bug

The open-source project behind the widely used Joomla content management system has issued a patch for a vulnerability that is now being widely used by hackers.

Sucuri, a company that specializes in securing websites, wrote on Monday that attackers have been trying exploit the flaw for the last two days.

As of Monday, Sucuri said "the wave of attacks is even bigger, with basically every site and honeypot we have being attacked. That means that probably every other Joomla site out there is being targeted as well."

The vulnerability, which affects Joomla versions 1.5 to 3.4.5, involves the user agent string, which is information transmitted by a browser to a Web server when a user visits a Web page.

The user agent string includes the browser type and version and the computer's operating system and version. It is used by Web servers to deliver an appropriate version of a website, such as a mobile versus a desktop version.

Attackers are "doing an object injection via the HTTP user agent that leads to a full remote command execution," Sucuri said.

Because many websites use Joomla, it presents an attractive target. If a Joomla site is compromised, attackers may be able to plant malicious code on a page or redirect people to other malicious sites.

Users are advised to upgrade to version 3.4.6, which is available here. Joomla is used by companies including eBay, Peugeot and Barnes & Noble.

 

IDG Insider

PREVIOUS ARTICLE

« Dell maneuvers toward EMC takeover with no rivals in sight

NEXT ARTICLE

F5 Networks brings back retired exec after CEO resigns over "personal conduct" »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

Poll

Do you think your smartphone is making you a workaholic?