Core Joomla! Vulnerability Patched in Version 3.4.5 Security Release


A few days ago, a critical vulnerability in the Joomla! core was found. It comes from an unsanitized input in the Joomla! core, which makes an SQL injection possible. The result of such an attack can lead to totally compromised websites – stolen login details, hijacking website access, malicious file uploads, etc. It’s a serious threat, without a doubt, and one that applies to all Joomla! 3.2 versions and above.

Server-level protection with custom WAF rules

As always, when facing a vulnerability, we tend to take immediate actions in-house. We wrote custom rules inside our Web Application Firewall (WAF) to prevent potential exploits in our Joomla sites at the server level. We have shared our firewall rules with the Joomla! Security Team, in case they could be of help to other hosts or developers that want to protect their websites.

Autoupdate our Joomla! sites to the new and secure version 3.4.5

No matter how many server level fences we put up, it’s always best to have the vulnerability patched and all holes closed. That is why, today, after Joomla! released the official patch for the vulnerability with version 3.4.5, we will update all Joomlas that have enabled Auto Updates to the new and secure version.

If you have disabled the Joomla autoupdate feature from your SiteGround cPanel, please make sure you update your Joomla as soon as possible on your own.

Access email sent!

Sign Up For
More Awesome Content!

Subscribe to receive our monthly newsletters with the latest helpful content and offers from SiteGround.


Please check your email to confirm your subscription.

author avatar

Daniel Kanchev

Director Product Development

Daniel is responsible for bringing new products to life at SiteGround. This involves handling all types of tasks and communication across multiple teams. Enthusiastic about technology, user experience, security and performance, you can never be bored hanging around him. Also an occasional conference speaker and travel addict.

Comments ( 3 )

author avatar

Zoran Filipović

Oct 22, 2015

I just update Joomla! to version 3.4.5 for all my four web sites on SiteGround. I update Joomla! in back-end Joomla administrator panel. Just smooth and fine job! Excellent work!

author avatar

Greg Seymour

Nov 10, 2015

Too little, too late. My web site has been mercilessly hacked multiple times over the last 6 weeks. Each time, Siteground's only action was to take my site down until I had cleaned the problems and done my own updating. Standard backup plan is completely inadequate.

author avatar

Marina Yordanova Siteground Team

Nov 11, 2015

Hello Greg, we are sorry that you feel this way. According to our technical team's checks, the vulnerability described in this post isn't related in any way to your website being hacked. Please note that the security of a website depends among which whether the application used is up-to-date and passwords are secure and changed frequently. Even when we take all necessary precautions on the server end, if the customer uses a password that's easy to guess or the site uses an app version with known vulnerabilities, we cannot prevent it from getting hacked. In regard to malware cleanup - it is not part of our regular web hosting services. For the convenience of our customers, who don't want to do that their selves or hire a web developer, we offer it as a paid service. We also also automatic updates for Joomla and WordPress that can be turned on from your cPanel.


Start discussion

Related Posts