Joomla Critical Zero Day Remote Command Execution Vulnerability

Remote Code Execution Vulnerability

Remote Code Execution Vulnerability

The developer team of the popular content management system (CMS) Joomla released the updates and hotfixes to patch a critical remote code execution vulnerability. This vulnerability is said to be very critical allowing an attacker to execute remote commands.

This vulnerability is actively affecting Joomla versions from 1.5 through 3.4.5. You can determine Joomla version of your website from administrator panel. Once login to Joomla administrator panel, you would see Joomla version mentioned either at top right hand corner or at the bottom.

The patch for this vulnerability was released on Monday morning but it was too late as this bug was already being exploited in the wild. Attackers started exploiting this vulnerability on Saturday from huge number of IP addresses.

How do I determine If my Joomla website is compromised

To determine whether your Joomla website is compromised or not, researches have advised to examine the logs. You might see requests from or or as they were the first IP addresses to start the exploitation. Also, you might see unusual attempts targeting this vulnerability as shown below

2015 Dec 12 16:49:07 clienyhidden.access.log
Src IP: / CAN / Alberta – – [12/Dec/2015:16:49:40 -0500] “GET /contact/ HTTP/1.1” 403 5322 “” “}__test|O:21:\x22JDatabaseDriverMysqli\x22:3: ..
{s:2:\x22fc\x22;O:17:\x22JSimplepieFactory\x22:0: .. {}s:21:\x22\x5C0\x5C0\x5C0disconnectHandlers\x22;a:1:{i:0;a:2:{i:0;O:9:\x22SimplePie\x22:5:..

Source: Sucuri Blog

Here, payload has been modified so it can’t be misused. Malicious attackers are exploiting this vulnerability to perform an object injection attack that leads to a full remote command execution. If you find above logs in your current Joomla installation, consider your Joomla website compromised

How do I fix Remote Code Execution Vulnerability

If you are using the unsupported versions of Joomla(1.5.x and 2.5.x), you should apply the hotfixes.You can refer to article from OSTraining to apply these hotfixes. If you are using Joomla 3.x, you must update your Joomla installation to 3.4.6.

(Visited 640 times, 1 visits today)

Leave a Reply

AlphaOmega Captcha Classica  –  Enter Security Code

This site uses Akismet to reduce spam. Learn how your comment data is processed.