The Joomla content management system recently received a security update to address a SQL injection vulnerability.
The flaw enabled hackers to steal data from the databases of Joomla-based systems.
The Joomla project released versions 3.2.3 and 2.2.19 of the open-source CMS. The updates target two cross-site scripting (XSS) flaws in core components.
Update 3.2.3 also serves to patch a SQL injection which was publicly disclosed last Month as well as an unauthorized log-in flaw in the Gmail-based authentication plug-in.
Recently released security updates for the popular Joomla content management system (CMS) address a SQL injection vulnerability that poses a high risk and can be exploited to extract information from the databases of Joomla-based sites.
The Joomla Project released versions 3.2.3 and 2.5.19 of the open-source CMS Thursday. Both updates address two cross-site scripting (XSS) vulnerabilities in core components, but version 3.2.3 also patches a SQL injection flaw, publicly disclosed in early February, and an unauthorized log-in flaw in the Gmail-based authentication plug-in.
SQL injection is one of the most common types of flaws exploited by attackers to compromise websites. Depending on their specific technical details, these vulnerabilities allow attackers to inject rogue code into sites or steal sensitive data from their databases.
According to statistics from W3Techs, a service that gathers data about the use of various Web technologies, Joomla is the second most popular CMS after WordPress.
Only around 8 percent of Joomla sites use 3.x versions of the software, while over 50 percent still use 1.x versions that are no longer supported, according to W3Techs.
Joomla has been heavily targeted by attackers lately.