Joomla Remote Code Execution Vulnerability

Overview

The Joomla security team have just released a CRITICAL patch to fix a Remote Code Execution vulnerability within Joomla. This affects every version from 1.5 through to 3.4.5 (including 2.5 releases).

This exploit is already out in the wild and you may already be compromised.

Further Reading: https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html

What do I need to do

1. Update Joomla to 3.4.6 or apply the patch for Joomla 1.5 / 2.5
2. Update MySQL User Password for Joomla Database
3. Update FTP Password
4. Scan for malicious files

Instructions

1. Update Joomla or apply patch (As with applying any updates BACKUP is step 1).
   • Joomla 3.4.0 to 3.4.5 – log into the Joomla administrator and update to 3.4.6
   • Joomla 2.5 – apply patch https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
   • Joomla 1.5 – apply patch https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
2. Update the MySQL user password:
   1. Follow our How-To guide here: https://www.conetix.com.au/support/article/how-update-mysql-password-database-user-plesk
   2. Once updated edit the configuration.php via FTP or Hosting panel and update with your New MySQL password
3. Update FTP Password (only required if the password exists in the configuration.php)
   1. Follow our How-To guide here: https://www.conetix.com.au/support/article/how-change-ftp-password-plesk 
   2. Once updated edit the configuration.php via FTP or Hosting panel and update with your New FTP password.
4. Scan for any files which have been modified or new files added. If you need assistance with this, please contact the Conetix Support Team.

Note: All Conetix Customers on a Managed Joomla plan have already had these procedures applied and 100% protected.