Description
Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla!, a popular open-source Content Management System (CMS). Combining that vulnerability with other security weaknesses, our Trustwave SpiderLabs researchers are able to gain full administrative access to any vulnerable Joomla site.
Remediation
Upgrade to Joomla! version 3.4.5.
References
Related Vulnerabilities
WordPress Plugin WP-Stats-Dashboard SQL Injection (2.9.4)
WordPress Plugin WP Symposium 'get_profile_avatar.php' SQL Injection (0.64)
WordPress 4.1.x Possible SQL Injection Vulnerability (4.1 - 4.1.19)
Drupal core 7.x SQL injection vulnerability
WordPress Plugin FireStorm Professional Real Estate 'id' Parameter SQL Injection (2.06.03)