Joomla is one of the most popular frameworks for building websites. Such popularity however comes at a price: with an installed base this large it becomes an attractive target for finding and abusing exploits.
Recently a number of critical vulnerabilities have been discovered which are unfortunately actively being exploited. One of the more infamous ones is the exploit for a weakness in the Joomla Content Editor (JCE), one of the most popular plugins for Joomla.
By exploiting the weakness in this vulnerability an attacker can gain full control over your website, allowing him or her to deface the website or use your server as a strting point for further attacks on other sites and servers.
If you use Joomla, please make sure to update both the core Joomla install and all plugins to the latest released versions. And check every so often for new releases to be installed.
For more information on Joomla and the security hole in JCE please see here:
Thursday, April 4, 2013