The Joomla security team have just released a CRITICAL patch to fix a Remote Code Execution vulnerability within Joomla. This affects every version from 1.5 through to 3.4.5 (including 2.5 releases).
What do I need to do
- Update Joomla to 3.4.6 or apply the patch for Joomla 1.5 / 2.5
- Update MySQL User Password for Joomla Database
- Update FTP Password
- Scan for malicious files
- Update Joomla or apply patch (As with applying any updates BACKUP is step 1).
- Joomla 3.4.0 to 3.4.5 – log into the Joomla administrator and update to 3.4.6
- Joomla 2.5 – apply patch https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
- Joomla 1.5 – apply patch https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
- Update the MySQL user password:
- Follow our How-To guide here: https://www.conetix.com.au/support/article/how-update-mysql-password-database-user-plesk
- Once updated edit the configuration.php via FTP or Hosting panel and update with your New MySQL password
- Update FTP Password (only required if the password exists in the configuration.php)
- Follow our How-To guide here: https://www.conetix.com.au/support/article/how-change-ftp-password-plesk
- Once updated edit the configuration.php via FTP or Hosting panel and update with your New FTP password.
- Scan for any files which have been modified or new files added. If you need assistance with this, please contact the Conetix Support Team.