If your website is based on the popular Joomla content management system, make sure you have updated your platform to the latest version released today.
Joomla, the world's second popular open source Content Management System, has reportedly patched a critical vulnerability in its software’s core component.
Website administrators are strongly advised to immediately install latest Joomla version 3.7.1, released today, to patch a critical SQL Injection vulnerability (CVE-2017-8917) that affects only Joomla version 3.7.0.
“Inadequate filtering of request data leads to a SQL Injection vulnerability.” release note says.
The SQL Injection vulnerability in Joomla 3.7.0 was responsibly reported by Marc-Alexandre Montpas, a security researcher at Sucuri last week to the company.
According to the researcher, 'The vulnerability is easy to exploit and doesn’t require a privileged account on the victim’s site,' which could allow remote hackers to steal sensitive information from the database and gain unauthorized access to websites.
The SQL Injection vulnerability originates from a com_fields parameter, which was introduced in version 3.7.
Since hackers would not take much time to exploit this vulnerability against millions of websites, you are advised to download the latest version of Joomla for your website and inform others about the release of critical patch update as well.
Latest Joomla 3.7.1 Release Patches Critical SQL Injection Attack
Reviewed by Deepak Yadav