Joomla! remote code execution vulnerability
Description
A critical remote code execution vulnerability exists in Joomla! CMS versions 1.5.x through 3.4.5. The vulnerability stems from insufficient input validation of browser user-agent information during session storage. When session data is saved to the database, malicious user-agent strings are not properly sanitized, allowing attackers to inject and execute arbitrary PHP code on the server.
Remediation
Take immediate action to remediate this critical vulnerability:
For supported versions:
1. Upgrade to Joomla! CMS version 3.4.6 or later as soon as possible
2. Back up your website and database before performing the upgrade
3. Test the upgrade in a staging environment if available
4. After upgrading, review server logs for any suspicious activity or indicators of compromise
For end-of-life versions (1.5.x and 2.5.x):
1. Apply the official security hotfixes available at the Joomla documentation site (see references)
2. Plan an immediate migration to a currently supported Joomla! version, as EOL versions no longer receive security updates
Additional security measures:
1. Review and rotate any sensitive credentials (database passwords, admin accounts)
2. Scan your system for web shells or unauthorized files
3. Monitor your web server access logs for exploitation attempts