BEST OF THE WEB

Joomla patched for SQL injection vulnerability

The Joomla content management system recently received a security update to address a SQL injection vulnerability.

The flaw enabled hackers to steal data from the databases of Joomla-based systems.

The Joomla project released versions 3.2.3 and 2.2.19 of the open-source CMS. The updates target two cross-site scripting (XSS) flaws in core components.

Update 3.2.3 also serves to patch a SQL injection which was publicly disclosed last Month as well as an unauthorized log-in flaw in the Gmail-based authentication plug-in.

Recently released security updates for the popular Joomla content management system (CMS) address a SQL injection vulnerability that poses a high risk and can be exploited to extract information from the databases of Joomla-based sites.

The Joomla Project released versions 3.2.3 and 2.5.19 of the open-source CMS Thursday. Both updates address two cross-site scripting (XSS) vulnerabilities in core components, but version 3.2.3 also patches a SQL injection flaw, publicly disclosed in early February, and an unauthorized log-in flaw in the Gmail-based authentication plug-in.

SQL injection is one of the most common types of flaws exploited by attackers to compromise websites. Depending on their specific technical details, these vulnerabilities allow attackers to inject rogue code into sites or steal sensitive data from their databases.

According to statistics from W3Techs, a service that gathers data about the use of various Web technologies, Joomla is the second most popular CMS after WordPress.

Only around 8 percent of Joomla sites use 3.x versions of the software, while over 50 percent still use 1.x versions that are no longer supported, according to W3Techs.

Joomla has been heavily targeted by attackers lately.

Read the whole story here

 

 

Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web