Η team of Joomla announced version 3.4.5. or which fixes an SQL Injection vulnerability that is classified as critical.
The SQL vulnerability in question was reported on October 15. Although there are no specifics about her yet, the team Security of Joomla said the issue was important enough to justify it pre-announcement which happened the next day.
According to the information available at this time, the vulnerability manifests itself due to "insufficient filtering of the request of data” and affects Joomla core for all versions from 3.2 to 3.4.4.
In addition to SQL injection, two other vulnerabilities were also fixed. The new version seals the com_contenthistory and com_content functions that allow attackers to have access into a data whereas it should normally be restricted as unprivileged users.
These vulnerabilities affect Joomla versions from 3.2 to 3.4.4 (com_contenthistory) and from 3.0 to 3.4.4 (com_content).
All users are invited to upgrade as soon as possible to avoid an attack on their site's code.
You can download the latest version of Joomla CMS from official webpage, or by GitHub.