Joomla! 1.7/2.5 SQL injection vulnerability
Description
A SQL injection vulnerability exists in the core of Joomla! versions 2.5.0, 2.5.1, and all 1.7.x releases (including 1.7.4 and earlier). This vulnerability was publicly disclosed on February 29, 2012, and allows unauthenticated attackers to inject malicious SQL commands into database queries due to insufficient input validation in the application's core components.
Remediation
Immediately upgrade to Joomla! version 2.5.2 or later, which contains patches that address this SQL injection vulnerability. Follow these steps to remediate:
1. Back up your current Joomla! installation and database before proceeding
2. Download Joomla! 2.5.2 or the latest stable version from the official Joomla! website
3. Follow the official Joomla! upgrade documentation to apply the update
4. After upgrading, verify the installation is running version 2.5.2 or later in the administrator panel
5. Review database logs for any suspicious activity that may indicate prior exploitation
6. Consider changing administrative passwords and reviewing user accounts for unauthorized access
If immediate upgrading is not possible, implement temporary mitigations such as restricting access to the application through IP whitelisting or placing the site in maintenance mode until the upgrade can be completed.