Posted on: October 23, 2015

Systems Affected

Overview

Joomla is a trusted, free and open source content management system written in PHP. Joomla enables users to build websites, portals and/or applications. Trustwave SpiderLabs recently discovered that Joomla versions 3.0 to 3.4.4 are vulnerable to SQL injection. This vulnerability can allow attackers to gain administrator access to a website built on one of the susceptible versions of Joomla.

Description

GNCIRT has been advised by OAS/CICTE Cyber Security Technical Specialists of a serious vulnerability affecting Joomla 3.0 to 3.4.4.
This vulnerability allows unauthorized users to remotely gain administrator access to websites running the above-mentioned versions of Joomla. Malicious actors carry this out using SQL injection and session hijacking attacks against targeted websites.
The vulnerability stems from a weakness in the /administrator/components/com_contenthistory/models/history.php code. An attacker can use it to extract the session ID of an administrator account from the database and place that stolen session ID in the cookie header of a request, thereby acquiring administrative privileges.
To address this vulnerability, Joomla has released version 3.4.5, which contains the required fixes along with additional hardening measures.

Suggested Action

GNCIRT recommends the following steps be taken to mitigate the impact:
• Verify the Joomla version of each of your websites.
• Consider taking affected websites offline and rebuilding them using Joomla 3.4.5.
• Upload the new website built on Joomla 3.4.5 and make it available.
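The first recommended step, verifying the Joomla version, can be scripted for administrators who manage several sites on the same server. The script below is an added example written for this advisory; it is not GNCIRT's or the Joomla project's code. It assumes the Joomla 3.x layout in which the version is recorded in libraries/cms/version/version.php as a RELEASE value (such as '3.4') and a DEV_LEVEL value (such as '4'), and it flags any install whose version falls inside the affected range 3.0 to 3.4.4. The sample version.php it writes for its stand-alone demonstration is constructed, not copied from a real install.

```shell
#!/bin/sh
# Report whether a Joomla 3.x document root runs a version in the range
# affected by this advisory (3.0 - 3.4.4). Added example; assumes the
# Joomla 3.x version file layout (RELEASE and DEV_LEVEL values).

# Read RELEASE and DEV_LEVEL from a version.php and print "RELEASE.DEV_LEVEL".
# The pattern matches both the "public $RELEASE = '3.4';" and the
# "const RELEASE = '3.4';" spellings seen in Joomla 3.x (assumption).
joomla_version_from_file() {
    file="$1"
    [ -r "$file" ] || return 1
    release=$(sed -n "s/.*RELEASE *= *'\([0-9.]*\)'.*/\1/p" "$file" | head -n 1)
    dev=$(sed -n "s/.*DEV_LEVEL *= *'\([0-9]*\)'.*/\1/p" "$file" | head -n 1)
    [ -n "$release" ] && [ -n "$dev" ] || return 1
    printf '%s.%s\n' "$release" "$dev"
}

# Return 0 when a version string (e.g. 3.4.4) lies in 3.0.0 .. 3.4.4 inclusive.
joomla_affected() {
    v="$1"
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$rest" = "$minor" ] && patch=0      # "3.4" given without a patch number
    [ "$major" -eq 3 ] || return 1
    [ "$minor" -lt 4 ] && return 0          # 3.0.x .. 3.3.x
    [ "$minor" -eq 4 ] && [ "$patch" -le 4 ] && return 0   # 3.4.0 .. 3.4.4
    return 1
}

# Check one document root. Exit status: 0 = affected, 1 = not affected,
# 2 = no Joomla 3.x version file found.
check_install() {
    docroot="$1"
    vfile="$docroot/libraries/cms/version/version.php"
    ver=$(joomla_version_from_file "$vfile") || {
        echo "$docroot: no Joomla 3.x version file found"
        return 2
    }
    if joomla_affected "$ver"; then
        echo "$docroot: Joomla $ver is in the affected range (3.0 - 3.4.4); upgrade to 3.4.5"
        return 0
    fi
    echo "$docroot: Joomla $ver is not in the affected range"
    return 1
}

# Write a constructed sample version.php (Joomla 3.4.4 layout) for a demo run.
write_sample_version_php() {
    cat > "$1" <<'EOF'
<?php
final class JVersion
{
    public $PRODUCT = 'Joomla!';
    public $RELEASE = '3.4';
    public $DEV_LEVEL = '4';
}
EOF
}

# Stand-alone demonstration against the constructed sample; no real site is touched.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/libraries/cms/version"
write_sample_version_php "$demo_dir/libraries/cms/version/version.php"
check_install "$demo_dir" || true
rm -rf "$demo_dir"
```

On a real server, call check_install once per document root (for example in a loop over /var/www/*) and act on any line that reports the affected range. Because version.php is rewritten by a Joomla upgrade, rerunning the script after deploying 3.4.5 confirms the change took effect.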

References