Description
The Joomla security team have released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. Browser information is not filtered properly while saving the session values into the database which leads to a remote code execution vulnerability.
Remediation
Upgrade to Joomla! CMS version 3.4.6. If you are using the old (unsupported) versions 1.5.x and 2.5.x, you have to apply the hotfixes listed in the Web references section.
References
Security hotfixes for Joomla EOL versions
[20151201] - Core - Remote Code Execution Vulnerability
Critical 0-day Remote Command Execution Vulnerability in Joomla
Related Vulnerabilities
Symfony ESI (Edge-Side Includes) enabled
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46243)
Drupal Core 7.x Remote Code Execution (7.0 - 7.73)
Apache Struts 2 ClassLoader manipulation and denial of service
WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0)