On Aug 14, 2013‎ Yet another CMS has taken a battering by cyber attackers, as a simple Joomla vulnerability was exploited to infect thousands of websites with malware.

The sites were hacked to serve up the prevalent Blackhole exploit kit, which in turn infected users’ systems with banking Trojans.

Basic Joomla flaw

The vulnerability was uncovered after Versafe investigated a spike of Joomla compromises its clients saw in the first-half of 2013, which strongly suggested a fresh flaw in the CMS platform was being “more readily exploited”.

It found, for the 2.5.x and 3.x versions of Joomla, anyone with access to the media manager on the CMS could upload and execute arbitrary code just by adding a full stop (“.”) to the end of a php file.  For sites running unsupported versions of Joomla 1.5.x, attackers don’t even need access to an account on the Joomla server to gain access.

“They could simply go to a Joomla site, and upload the shell and malicious files without permissions access of any kind to the admin,” VP of business development at Versafe, Jens Hinrichsen, told TechWeekEurope.

Read more: Joomla CMS cyber attackers →

One of our new projects were to offer Secure Cloud Backups! It's even HIPAA compliant for Medical and Accounting Offices.

We are happy to say that we have upgraded our entire website to better support our customers. We hope that everyone will enjoy it.

Latest News:

  • Joomla CMS cyber attackers On Aug 14, 2013‎ Yet another CMS has taken a battering by cyber attackers, as a simple Joomla... Read more...

  • Cloud Services One of our new projects were to offer Secure Cloud Backups! It's even HIPAA compliant for Medical...

  • Website Upgrade We are happy to say that we have upgraded our entire website to better support our customers. We...

Login Form