Patch now! Joomla attacked in remote code execution blitzkrieg
Weekend 0day attacks ramp up.
Joomla has slung a patch to crush a critical eight-year-old remote code execution vulnerability under active exploitation by attackers.
Sucuri threat man Daniel Cid says hundreds of attacks are now taking place, having ramped up from a mere handful on Saturday.
"This is a serious vulnerability that can be easily exploited and is already in the wild," Cid says.
"If you are using Joomla, you have to update it right now.
"The wave of attacks is even bigger, with basically every site and honeypot we have being attacked [which] means that probably every other Joomla site out there is being targeted as well."
The then zero day must have been a treat for attackers; Joomla is the web's most popular content management system having been downloaded more than 50 million times and used by the likes of eBay, the United Nations, Barnes and Noble, and Peugeot.
Joomla warns in an advisory that all versions above 1.5 are affected, meaning web admins must upgrade to the patched version 3.4.6.
"Browser information is not filtered properly while saving the session values into the database which leads to a remote code execution vulnerability," it says.
Cid says the attackers are running object injection through the HTTP user agent, with exploits coming from the IP addresses 220.127.116.11, 18.104.22.168, and 22.214.171.124.
He urges admins to check logs. And patch, ASAP. ®
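One way to do the log check Cid urges, as an added example that is not code from Sucuri or Joomla: it scans access logs for PHP serialized-object headers in the User-Agent field and for the three source addresses named above. The combined log format, the generic `serialize()` pattern, the `scan` name and the sample lines are assumptions or constructed for illustration.

```python
import re

# Source addresses named in the article.
REPORTED_SOURCES = {"220.127.116.11", "18.104.22.168", "22.214.171.124"}

# Assumed "combined" log format; quoted fields may hold backslash escapes.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + Q + r' (\d{3}) \S+ '
                  + Q + ' ' + Q + r'\s*$')

# Generic PHP serialize() object header such as O:8:"stdClass":0:{
# Apache logs the inner quote as \" and nginx as \x22, so accept both.
QUOTE = r'(?:\\?"|\\x22)'
SERIALIZED_OBJECT = re.compile(
    r'[OC]:\d+:' + QUOTE + r'[\w\\]+?' + QUOTE + r':\d+:\{')

def scan(lines):
    """Return (line_number, source_ip, reasons) for each suspicious entry."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE.match(line.rstrip("\n"))
        if not match:
            continue  # not combined format: skip rather than guess
        ip, _time, _request, _status, _referer, agent = match.groups()
        reasons = []
        if SERIALIZED_OBJECT.search(agent):
            reasons.append("serialized object in User-Agent")
        if ip in REPORTED_SOURCES:
            reasons.append("source address reported in article")
        if reasons:
            findings.append((number, ip, reasons))
    return findings

# Constructed sample entries (documentation-range addresses, harmless
# stdClass marker), plus one address taken from the article.
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Jan/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    r'198.51.100.7 - - [01/Jan/2016:10:00:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "x O:8:\"stdClass\":0:{}"',
    r'220.127.116.11 - - [01/Jan/2016:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, ip, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {ip}: {', '.join(reasons)}")
```

A hit only shows that a request was made; whether it succeeded depends on the Joomla version running at the time.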