Joomla! SQL injection vulnerability
Description
A SQL injection vulnerability exists in Joomla! versions 3.2 through 3.4.4 that allows unauthenticated attackers to execute arbitrary SQL queries against the application database. This vulnerability can be chained with additional security weaknesses to achieve complete administrative compromise of affected Joomla! installations. The flaw was discovered by Trustwave SpiderLabs and affects a widely-deployed open-source Content Management System.
Remediation
Immediately upgrade all Joomla! installations to version 3.4.5 or later, which contains patches for this SQL injection vulnerability and related security issues. Follow these steps:
1. Backup your site: Create a complete backup of your Joomla! files and database before upgrading
2. Update Joomla!: Use the Joomla! Update component (Extensions → Manage → Update) or manually download version 3.4.5+ from the official Joomla! website
3. Verify the update: Confirm the version number in the administrator panel footer shows 3.4.5 or higher
4. Review logs: Check server and application logs for any suspicious activity that may indicate prior exploitation
5. Monitor for updates: Subscribe to Joomla! security announcements to stay informed of future vulnerabilities
If immediate patching is not possible, consider temporarily restricting access to the site or placing it in maintenance mode until the upgrade can be completed.