You NEED to update your Joomla right now.
Remote command execution vulnerability was just found in Joomla.
The Joomla security team has released a new version of Joomla 3 to patch critical vulnerability that affects all versions from 1.5 to 3.4.
If you're using Joomla 3 - update it to version 3.4.6 immediately.
If you're using Joomla 1.5 or 2.5 - you need to update one file in order to make it secure.
The file to be patched is located in:
Step by step guide how to patch Joomla 1.5 and 2.5:
- You can upload the .zip file to the root of your Joomla installation and then extract it directly there. The full path is in the .zip package.
- Alternatively you can:
- extract the Joomla 1.5 or Joomla 2.5 patch on your disk (links are provided above in this post)
- login to your ftp server and navigate where Joomla is located
- browse to the /libraries/joomla/sessions/ folder
- replace your current session.php file with the new session.php file you extracted from the .zip.
If you have any questions or thoughts leave a comment!