Light Dark
October 26, 2015 By Shane Schick 2 min read

The makers of open-source content management software (CMS) Joomla have moved quickly to patch a hole that allowed cybercriminals to make SQL injection attacks that would give them full administrative access to millions of websites.

A posting on the Joomla website late last week announced version 3.4.5 of the platform, which specifically addressed the SQL injection vulnerability. It described the fix as a high priority aimed at preventing attackers from exploiting the bug, which affected Joomla 3.2 through 3.4.4.

A researcher at Trustwave SpiderLabs first discovered the issue, which essentially let third parties enter specially crafted input fields on Web pages using Joomla. This would then provide the ability to observe the behavior of a host sever. According to the blog, the potential danger was huge, given that Joomla is used by more than 2.8 million websites and owns more than 6 percent of the worldwide website CMS market.

SQL injections are not uncommon as a hacking technique, but in this case, cybercriminals would have been able to extract a cookie from a Joomla user by exposing a session ID and then loading it into another browser. Ars Technica reported that details about the code used to take advantage of the flaw had already been published to Metasploit, which is used not only by legitimate penetration testing experts, but members of the hacking community, as well.

Logging in as the administrator of a Joomla website would mean cybercriminals could do almost anything they wanted, Digital Journal observed, including block content, push out malware, delete pages on a site or even worse. Unlike some SQL injection attacks, the vulnerability on Joomla wasn’t necessarily that difficult or time-consuming to execute, which is why the release of the updated version will be so important to a number of website owners.

As Softpedia pointed out, Joomla’s SQL injection issue isn’t the only example of flaws opening up major risks within the CMS space. Just a few hours before the Joomla problem was discovered, makers of a similar open-source tool, Drupal, released an upgrade to deal with an open redirect vulnerability. No matter what you use to publish and manage Web content, staying current has never been more important.

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

July 26, 2024

Hive0137 and AI-supplemented malware distribution

12 min read - IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. Nominated by X-Force as having the “Most Complex Infection Chain” in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former…

July 25, 2024

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

July 24, 2024

Crisis communication: What NOT to do

4 min read - Read the 1st blog in this series, Cybersecurity crisis communication: What to doWhen an organization experiences a cyberattack, tensions are high, customers are concerned and the business is typically not operating at full capacity. Every move you make at this point makes a difference to your company’s future, and even a seemingly small mistake can cause permanent reputational damage.Because of the stress and many moving parts that are involved, businesses often fall short when it comes to communication in a crisis.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature