Joomla SQL-Injection Flaw Affects Millions of Websites (trustwave.com)

Posted by Soulskill on Sunday October 25, 2015 @02:31AM from the still-a-thing-in-2015 dept.

An anonymous reader writes: Joomla has just issued a patch that fixes a SQL-injection vulnerability discovered by a researcher at Trustwave SpiderLabs. The flaw allowed malicious users to extract a browser cookie assigned to a site's administrator, giving them access to restricted parts of the server. The flaw first appeared in Joomla 3.2, released in November, 2013. An estimated 2.8 million websites rely on Joomla. The Joomla team and the researcher who found the flaw recommend an immediate update to version 3.4.5.

2 of 120 comments (clear)

Min score:

Reason:

Sort:

Re: php frameworks by behrooz0az · 2015-10-25 02:53 · Score: 3, Informative

It's not easier.
But objectively speaking, bad coders write bad code no matter what kind of database or programming language you give them. They mess up

--
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
Re:Today I Learned by Anonymous Coward · 2015-10-25 03:40 · Score: 3, Informative

Joomla is not a company. The people developing it are volunteers.