Core Joomla! Vulnerability Patched in Version 3.4.5 Security Release
A few days ago, a critical vulnerability was found in the Joomla! core. It stems from unsanitized input in the Joomla! core, which makes an SQL injection possible. Such an attack can lead to totally compromised websites – stolen login details, hijacked website access, malicious file uploads, etc. It’s a serious threat, without a doubt, and one that applies to all Joomla! 3.2 versions and above.
Server-level protection with custom WAF rules
As always, when facing a vulnerability, we tend to take immediate action in-house. We wrote custom rules inside our Web Application Firewall (WAF) to prevent potential exploits against our Joomla! sites at the server level. We have shared our firewall rules with the Joomla! Security Team, in case they could be of help to other hosts or developers who want to protect their websites.
Autoupdate our Joomla! sites to the new and secure version 3.4.5
No matter how many server-level fences we put up, it’s always best to have the vulnerability patched and all holes closed. That is why, today, after Joomla! released the official patch for the vulnerability with version 3.4.5, we will update all Joomla! installations that have Auto Updates enabled to the new and secure version.
If you have disabled the Joomla! autoupdate feature from your SiteGround cPanel, please make sure you update your Joomla! installation on your own as soon as possible.
Comments ( 3 )
Zoran Filipović
I just updated Joomla! to version 3.4.5 for all four of my web sites on SiteGround. I updated Joomla! in the back-end Joomla administrator panel. Just a smooth and fine job! Excellent work!
Greg Seymour
Too little, too late. My web site has been mercilessly hacked multiple times over the last 6 weeks. Each time, Siteground's only action was to take my site down until I had cleaned the problems and done my own updating. Standard backup plan is completely inadequate.
Marina Yordanova Siteground Team
Hello Greg, we are sorry that you feel this way. According to our technical team's checks, the vulnerability described in this post isn't related in any way to your website being hacked. Please note that the security of a website depends, among other things, on whether the application used is up-to-date and passwords are secure and changed frequently. Even when we take all necessary precautions on the server end, if the customer uses a password that's easy to guess or the site uses an app version with known vulnerabilities, we cannot prevent it from getting hacked. In regard to malware cleanup - it is not part of our regular web hosting services. For the convenience of our customers who don't want to do that themselves or hire a web developer, we offer it as a paid service. We also offer automatic updates for Joomla and WordPress that can be turned on from your cPanel.