Joomla! recently announced 4 core vulnerabilities regarding the user password reset system. The problems were quickly resolved, and a Joomla! update was released along with details about the vulnerabilities.
Congratulations to the Joomla! Team for its fast response and solution.
The security vulnerabilities:
- Crucial: Core - Remote Code Execution (affecting Joomla 1.5 through 3.4.5)
- Core - CSRF Hardening (affecting Joomla 3.2.0 through 3.4.5)
- Directory Traversal (affecting Joomla 3.2.0 through 3.4.5)
- Directory Traversal (affecting Joomla 3.4.0 through 3.4.5)
If you would like to learn more about this, have a look at the Joomla! 3.4.6 release announcement.
Don’t think that this is Joomla! specific: a similar hack has been used against WordPress installations as well. It relies on the fact that MySQL’s utf8_general_ci collation does not support 4-byte UTF-8 characters.
Good news for RSFirewall! users: RSFirewall! was quickly updated to protect you from such threats and potential attacks. We introduced a new active scanner option that detects and blocks such hacking attempts. No additional configuration is required. Just make sure that you are using version 2.9.2.
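An added example, not RSFirewall!'s scanner or Joomla! code: a PHP check that flags request input containing 4-byte UTF-8 characters, which MySQL's 3-byte `utf8` character set cannot store. The function names and the sample request are constructed for illustration.

```php
<?php
// Added illustration: not RSFirewall! or Joomla! code. Sample data is constructed.
// MySQL's 3-byte "utf8" charset cannot store code points above U+FFFF; outside
// strict SQL mode the value is cut at the first such character (with a warning).

/** Byte offset of the first 4-byte UTF-8 sequence in $text, or -1 if none. */
function firstFourByteOffset(string $text): int
{
    // No /u flag: match raw bytes. Lead bytes 0xF0-0xF4 open a 4-byte sequence.
    if (preg_match('/[\xF0-\xF4][\x80-\xBF]{3}/', $text, $m, PREG_OFFSET_CAPTURE)) {
        return $m[0][1];
    }
    return -1;
}

/** Walk a (possibly nested) request array and report keys/values that would be cut. */
function findFourByteInputs(array $input, string $prefix = ''): array
{
    $hits = [];
    foreach ($input as $key => $value) {
        $name = $prefix === '' ? (string) $key : $prefix . '[' . $key . ']';
        $parts = ['key' => (string) $key];
        if (is_array($value)) {
            $hits = array_merge($hits, findFourByteInputs($value, $name));
        } else {
            $parts['value'] = (string) $value;
        }
        foreach ($parts as $part => $text) {
            $offset = firstFourByteOffset($text);
            if ($offset >= 0) {
                // 'kept' is what a non-strict 3-byte utf8 column would retain.
                $hits[] = ['field' => $name, 'part' => $part, 'kept' => substr($text, 0, $offset)];
            }
        }
    }
    return $hits;
}

// Constructed request data: one clean field, two containing 4-byte characters.
$request = [
    'username' => 'alice',
    'comment'  => "thanks \xF0\x9F\x98\x80 for the update",
    'filter'   => ['tag' => "news\xF0\x9D\x8C\x86letter"],
];

foreach (findFourByteInputs($request) as $hit) {
    printf("%s (%s): stored as \"%s\"\n", $hit['field'], $hit['part'], $hit['kept']);
}
```

On a live site the same function can be run over `$_GET`, `$_POST` and `$_COOKIE`. Sites whose tables use `utf8mb4` store these characters intact, so there the check would only flag legitimate input such as emoji.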
Our advice?
Keep your Joomla! and RSFirewall! security extension up to date constantly. Both can be easily updated and are constantly improved for your benefit. Stay safe!
Get your RSFirewall! now with a 20% discount coupon for purchases! (Available until 20 December)
Patches are being provided for all Joomla! versions (1.5 upwards), but RSFirewall! will protect your sites on both Joomla! 3.x and 2.5 installations.
RS Firewall
I was curious if RS Firewall will help with the security vulnerability in Joomla 2.5?
I updated all my Joomla 3.0 sites to latest version of 3.4.6. But what is the solution for Joomla 2.5 sites?