Slashdot Mirror


Joomla SQL-Injection Flaw Affects Millions of Websites (trustwave.com)

An anonymous reader writes: Joomla has just issued a patch that fixes a SQL-injection vulnerability discovered by a researcher at Trustwave SpiderLabs. The flaw allowed malicious users to extract a browser cookie assigned to a site's administrator, giving them access to restricted parts of the server. The flaw first appeared in Joomla 3.2, released in November, 2013. An estimated 2.8 million websites rely on Joomla. The Joomla team and the researcher who found the flaw recommend an immediate update to version 3.4.5.

1 of 120 comments

  1. Today I Learned by JustAnotherOldGuy · Score: 1, Funny

    Today I learned that I write more secure code than all of the fucking coders at Joomla put together.

    A decent-sized company with loads of resources, lots of code reviews, using Agile, Scrum, Waterfall, SuckMyPecker, and (supposedly) staffed with experienced programmers, and they STILL fuck it up.

    --
    Just cruising through this digital world at 33 1/3 rpm...