Η ομάδα του Joomla ανακοίνωσε την έκδοση 3.4.5. ή οποία διορθώνει μία SQL Injection vulnerability which is characterized as critical.
The SQL vulnerability in question was reported on October 15. Although there are no specifics yet data για αυτήν, η ομάδα Security of Joomla said the issue was important enough to justify it pre-announcement which happened the next day.
According to the information available at this time, the vulnerability manifests itself due to "insufficient filtering of the request of data” and affects Joomla core for all versions from 3.2 to 3.4.4.
In addition to SQL injection, two others vulnerabilities were also corrected. THE new edition seals the com_contenthistory and com_content functions that allow attackers to access data when it should normally be restricted as unprivileged users.
These vulnerabilities affect Joomla versions from 3.2 to 3.4.4 (com_contenthistory) and from 3.0 to 3.4.4 (com_content).
All users are invited to upgrade as soon as possible to avoid one attack in their website code.
You can download the latest version of Joomla CMS from official webpage, or by GitHub.