
Joomla receives patches for zero-day SQL injection vulnerability, other flaws

Lucian Constantin | March 11, 2014
Recently released security updates for the popular Joomla content management system (CMS) address a SQL injection vulnerability that poses a high risk and can be exploited to extract information from the databases of Joomla-based sites.

"If you have Gmail authentication enabled, someone would be able to bypass your authentication by registering a Gmail address with the same name," Cid explained. "Say you have a user name called 'mysiteadmin,' I could go to Gmail and register mysiteadmin@gmail.com and get access to your site."

It's not clear how many Joomla-based websites are on the Internet, but according to statistics from W3Techs, a service that gathers data about the use of various Web technologies, Joomla is the second most popular CMS after WordPress. The W3Techs data also shows that only around 8 percent of Joomla sites use 3.x versions of the software, while over 50 percent still use 1.x versions that are no longer supported.

Even though it has a smaller user base than WordPress, Joomla has been heavily targeted by attackers lately and is in fact the most frequently attacked platform, according to data from Sucuri's website firewall product, Cid said. The large number of Joomla sites using versions 1.x of the CMS are at serious risk, because they can't be easily patched and upgrading them to a new version is not straightforward, he said.

 
