Joomla users: Update immediately to kill severe SQLi vulnerability – Help Net Security

Version 3.7 of Joomla, pushed out less than a month ago, opens websites to SQL injection attacks, Sucuri Security researchers have found.

As explained by researcher Marc-Alexandre Montpas: “The vulnerability is caused by a new component, com_fields, which was introduced in version 3.7. This vulnerable component is publicly accessible, which means this issue can be exploited by any malicious individual visiting your site.”

Sucuri published technical details about the vulnerability on Wednesday, in the wake of the release of Joomla 3.7.1, which fixes this severe issue and several other bugs.

The SQLi vulnerability (CVE-2017-8917) is easy to exploit, and can be exploited remotely.

Source: Joomla users: Update immediately to kill severe SQLi vulnerability – Help Net Security

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.