Joomla!: Remote Command Execution Vulnerability (0-day: Dec. 12, 2015)

All Joomla!® users need to patch their installations due to a vulnerability discovered on Dec. 14, 2105.

To resolve this error, you need to find out which version of Joomla! you have, and then patch it.

Find your version of Joomla!

  1. Log in to your Joomla! administrator panel at http://your Joomla! site/administrator
  2. Scroll to the bottom of the page.

Your Joomla version number displays in the bottom-right corner.

Patch Joomla!

How you patch Joomla! depends on which version you have:

Joomla 3.x

To resolve this issue, you need to update your site to version 3.4.6.

  1. In your Joomla! administrator panel, in the Maintenance section, click Joomla! 3.4.6, Update now!
  2. Click Install the Update.

You will receive a confirmation once the update completes:

Joomla 2.5 & 1.5

To resolve this issue, you need to replace the following file:

libraries\joomla\session\session.php
  1. Download the updated file, based on your version of Joomla!:
    Version Link to download patched file
    2.5 https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix25v1.zip.
    1.5 https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix15v2.zip
  2. Extract the ZIP file locally.
  3. Using FTP or your control panel's file manager (cPanel / Plesk / Web & Classic), move the session.php file from your local machine to your Joomla! install directory\libraries\joomla\session\session.php.
  4. Accept any dialogs that ask you to replace the existing file.

이 글이 도움되었나요?
피드백을 보내주셔서 감사합니다. 고객 서비스 담당자에게 문의하시려면 지원 전화 번호 또는 위의 채팅 옵션을 이용하시기 바랍니다.
도와드릴 수 있어 기쁩니다! 더 도와 드릴 것이 있나요?
그것 유감스럽습니다. 혼동이 되었던 사항 또는 솔루션이 고객님의 문제를 해결하지 못했던 원인을 알려주세요.