Security Announcements

[20151001] - Core - SQL Injection

Project: Joomla!

SubProject: CMS

Severity: High

Versions: 3.2.0 through 3.4.4

Exploit type: SQL Injection

Reported Date: 2015-October-15

Fixed Date: 2015-October-22

CVE Numbers: CVE-2015-7297, CVE-2015-7857, CVE-2015-7858

Description

Inadequate filtering of request data leads to a SQL Injection vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.4

Solution

Upgrade to version 3.4.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: Asaf Orpani of Trustwave and Netanel Rubin at PerimeterX