Joomla! has fixed three critical vulnerabilities in its software.

Joomla! the most popular open source Content Management System software package has recently released an update to patch three critical vulnerabilities in its older software i.e. Joomla version 3.2 to 3.4.4, which include SQL Injection Vulnerabilities that could have allowed the hackers to take the admin rights on websites.

The new version Joomla! 3.4.5 is now available, reportedly the upgrade only contains the security patches. The main focus of the upgrade was to patch the SQL Injection Vulnerability that was discovered by Trustwave SpiderLabs researcher Asaf Orpani and a researcher by PerimeterX named Netanel Rubin.


SQL Injection is one of the oldest and powerful way in which a website or web application that is using SQL Database can be exploited by inserting malicious SQL queries through the input data from the client side to the web application.

Orpani has discovered the following SQL Injections in Joomla Software Package:

  • CVE-2015-7297
  • CVE-2015-7857
  • CVE-2015-7858

CVE-2015-7857 is the most dangerous among the mentioned vulnerabilities, in which a hacker can gain the admin rights by hijacking the admin session. And once the vulnerability is exploited the hacker can gain the full access of the website and execute further attacks. The vulnerability is discovered in the core module that does not require any extension. So, the websites that are using Joomla version 3.2 and above are vulnerable to the flaw.

Researchers discovered that the code existing in history.php was vulnerable to SQL Injection. Orpani discovered many weak links in the code that could exploit the vulnerability to gain the admin session key and much more.

Joomla wrote on its website “Joomla! 3.4.5 is now available. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability. We strongly recommend that you update your sites immediately. This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.4 release.”

Joomla also thanked to Orpani and Rubin for disclosing the security flaws “Thank you to Asaf Orpani of Trustwave and Netanel Rubin at PerimeterX for the responsible disclosure of the security vulnerabilities addressed in this release and to the Joomla Security Strike Team for their swift resolution of these issues.” Joomla! wrote in a thanks note.

So, if you are using Joomla CMS services then update your software immediately to stay safe.

Have something to add on Joomla! has released Joomla! 3.4.5, fixing the three critical vulnerabilities? Please add in comments.

Follow us on Facebook, Google Plus and Twitter to get more Tech News and reviews.