Are you a Joomla user? Details were published online last week about a vulnerability in older versions of the Joomla content management system (CMS), a popular web-based application for building and managing websites. Learn more in a great ZDNet article:
The vulnerability was discovered by Italian security researcher Alessandro Groppo of Hacktive Security, and impacts all Joomla versions from 3.0.0 to 3.4.6, released between late September 2012 and mid-December 2015.
The vulnerability is trivial to exploit, and proof-of-concept exploit code has been published online.
It's a PHP object injection that can lead to remote code execution (RCE) under certain scenarios. For example, it can be exploited via the Joomla CMS' login form and can allow attackers to execute code on the site's underlying server.
The link to this ZDNet article is no longer available.