Joomla!: Remote Command Execution Vulnerability (0-day: Dec. 12, 2015)

All Joomla!® users need to patch their installations due to a vulnerability discovered on Dec. 14, 2105.

To resolve this error, you need to find out which version of Joomla! you have, and then patch it.

Find your version of Joomla!

  1. Log in to your Joomla! administrator panel at http://your Joomla! site/administrator
  2. Scroll to the bottom of the page.

Your Joomla version number displays in the bottom-right corner.

Patch Joomla!

How you patch Joomla! depends on which version you have:

Joomla 3.x

To resolve this issue, you need to update your site to version 3.4.6.

  1. In your Joomla! administrator panel, in the Maintenance section, click Joomla! 3.4.6, Update now!
  2. Click Install the Update.

You will receive a confirmation once the update completes:

Joomla 2.5 & 1.5

To resolve this issue, you need to replace the following file:

libraries\joomla\session\session.php
  1. Download the updated file, based on your version of Joomla!:
    Version Link to download patched file
    2.5 https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix25v1.zip.
    1.5 https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix15v2.zip
  2. Extract the ZIP file locally.
  3. Using FTP or your control panel's file manager (cPanel / Plesk / Web & Classic), move the session.php file from your local machine to your Joomla! install directory\libraries\joomla\session\session.php.
  4. Accept any dialogs that ask you to replace the existing file.

Was dit artikel nuttig?
Hartelijk dank voor je feedback. Gebruik het supporttelefoonnummer of de bovenstaande chatoptie als je een vertegenwoordiger van de afdeling Klantenondersteuning wilt spreken.
Fijn dat we konden helpen! Kunnen we nog iets voor je doen?
Dat spijt ons. Vertel ons wat je verwarrend vond of waarom je probleem niet is opgelost via de geboden oplossing.