WiredTree users, a network managed hosting provider based in Chicago providing servers and VPS hosting solutions dedicated, has warned against the popular Joomla! content management system (CMS) that they should update or patch installation immediately. The warning is prompted by an execution vulnerability serious remote code, widely publicized in recent Ars Technica, which is being actively exploited by criminals, with a high risk of unpatched be targeted sites.
The vulnerability affects all versions of Joomla! prior to version 3.4.6. Users running the latest 3.X branch Joomla! should move to version 3.4.6. Users of versions End of Life 1.5.x and 2.5.x can apply hot-fixes made available by the developers of Joomla !, and ideally should update actively maintained versions of CMS as soon as possible.
Joomla, while not as popular as WordPress, has a large user base, especially in the business and from large scale publishers . According WiredTree, Joomla! should not be distinguished as insecurity - these vulnerabilities have been found in all major content management systems over the years - but it is important to make Joomla! users aware that they should update as soon as possible.
"As a managed web hosting company, we support a large number of customers who use Joomla because it is a great content management system," says Zac Cogswell, President of WiredTree . "But we think that because the vulnerability is widespread and is being actively exploited, it is important to get the news out to as many Joomla users we can -! To update your website immediately"
the vulnerability is a result of how Joomla! handles data session , essentially allowing an attacker to exploit HTTP headers user agent to insert arbitrary data in the site database. From this point, it is relatively simple to have arbitrary code executed by the content management system, according WiredTree.
0 Komentar