Joomla vulnerability (zero day) for older versions of Joomla
-
Tuesday, 8th October, 2019
-
22:02pm
If you did not yet upgrade your Joomla version to a supported version this is really a reason to do this quickly.
read the full article here: https://www.zdnet.com/article/zero-day-published-for-old-joomla-cms-versions/
The vulnerability was discovered by Italian security researcher Alessandro Groppo of Hacktive Security, and impacts all Joomla versions from 3.0.0 to 3.4.6, released between late September 2012 to mid-December 2015.
The vulnerability is trivial to exploit, and proof-of-concept exploit code has been published online.
It's a PHP object injection that can lead to remote code execution (RCE) under certain scenarios. For example, it can be exploited via the Joomla CMS' login form and can allow attackers to execute code on the site's underlying server.