Monday, 21 December 2015

Written by Alan Foster

Joomla critical security vulnerability

We don't normally write blog posts about security updates for Joomla, but on this occasion we feel it's important to make people aware of a critical security vulnerability in all versions of Joomla 1.5, 2.5 and 3.4.
The Joomla project team released an update on 21/12/2015 which fixes the security vulnerability in all versions of Joomla 1.5, 2.5 and 3.4.

The update resolves the following issues:

  1. High Priority - Core - Remote Code Execution (affecting Joomla 1.5 through 3.4.5)
  2. Low Priority - Core - CSRF Hardening (affecting Joomla 3.2.0 through 3.4.5)
  3. Low Priority - Core - Directory Traversal (affecting Joomla 3.2.0 through 3.4.5)
  4. Low Priority - Core - Directory Traversal (affecting Joomla 3.4.0 through 3.4.5)

You can read the official announcements by visiting:

  1. https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html
  2. https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html

Where can I find the update for Joomla 2.5?

The development team has been kind enough to release a patch for Joomla 2.5 too. They didn't have to, as 2.5 reached end of life in December 2014, so thank you to the community for releasing a patch for 2.5 so quickly.

You can find out more by visiting https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions

Updating 2.5 is pretty simple; you just need to complete the following steps.

  1. Download the updated security patch by visiting https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
  2. Open your FTP software
  3. Browse to the following directory \libraries\joomla\session\
  4. Update the session.php file
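
If you have shell access to the server rather than FTP only, the same file replacement can be scripted with a backup and a verification step. This is an added example, not code from the Joomla project or from this post; the function name `apply_session_hotfix`, its three arguments and the separate backup directory are assumptions.

```shell
#!/bin/sh
# Added example: replace libraries/joomla/session/session.php with the hotfix
# file, keeping a backup outside the web root and verifying the result.
# Hypothetical usage:
#   apply_session_hotfix /path/to/joomla /path/to/patched/session.php /path/to/backups

apply_session_hotfix() {
    root=$1      # Joomla installation root (assumption)
    patch=$2     # patched session.php extracted from the hotfix download
    bakdir=$3    # backup directory, ideally not served by the web server
    target="$root/libraries/joomla/session/session.php"

    # Refuse to run against a directory that does not look like Joomla.
    [ -f "$target" ] || { echo "no session.php under $root" >&2; return 2; }
    [ -s "$patch" ]  || { echo "patch missing or empty: $patch" >&2; return 2; }
    [ -d "$bakdir" ] || { echo "backup dir missing: $bakdir" >&2; return 2; }

    # Already byte-identical to the hotfix: nothing to do.
    if cmp -s "$patch" "$target"; then
        echo "already patched: $target"
        return 0
    fi

    # Keep the original so the change can be rolled back.
    backup="$bakdir/session.php.$(date +%Y%m%d%H%M%S)"
    cp -p "$target" "$backup" || return 1

    # Write to a temp file in the same directory, then rename, so an
    # interrupted copy never leaves a half-written session.php live.
    tmp="$target.new.$$"
    cp "$patch" "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$target" || { rm -f "$tmp"; return 1; }

    # Verify the deployed file matches the hotfix; roll back if not.
    if ! cmp -s "$patch" "$target"; then
        echo "verification failed, restoring backup" >&2
        cp -p "$backup" "$target"
        return 1
    fi
    echo "patched $target (backup: $backup)"
}
```
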

Before updating your website, we recommend you read the following blog post, which you may find useful: http://www.energizethemes.com/blog/joomla/things-to-do-before-updating-joomla.html

We hope you find this blog post useful, and we recommend that you update your website straight away after reading it.