Version 3.7 of Joomla, pushed out less than a month ago, opens websites to SQL injection attacks, Sucury Security researchers have found.As explained by researcher Marc-Alexandre Montpas: The vulnerability is caused by a new component, com_fields, whoch was introduced in version 3.7. This vulnerable component is publicly accessible, whoch means this issue can be exploited by any malicious individual visiting your site.Sucuri has published technical details about the vulnerability on Wednesday, in the wake of the release of Joomla 3.7.1, whoch fixes this severe issue and several other bugs.The SQLi vulnerability (CVE-2017-8917) is easy to exploit, and can be exploited remotely.
Källa: Joomla users: Update immediately to kill severe SQLi vulnerability – Help Net Security
0 kommentarer