Joomla!: Remote Command Execution Vulnerability (0-day: Dec. 12, 2015)
All Joomla!® users need to patch their installations due to a vulnerability discovered on Dec. 14, 2105.
To resolve this error, you need to find out which version of Joomla! you have, and then patch it.
Find your version of Joomla!
- Log in to your Joomla! administrator panel at http://your Joomla! site/administrator
- Scroll to the bottom of the page.
Your Joomla version number displays in the bottom-right corner.
Patch Joomla!
How you patch Joomla! depends on which version you have:
Joomla 3.x
To resolve this issue, you need to update your site to version 3.4.6.
- In your Joomla! administrator panel, in the Maintenance section, click Joomla! 3.4.6, Update now!
- Click Install the Update.
You will receive a confirmation once the update completes:
Joomla 2.5 & 1.5
To resolve this issue, you need to replace the following file:
libraries\joomla\session\session.php
- Download the updated file, based on your version of Joomla!:
Version Link to download patched file 2.5 https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix25v1.zip. 1.5 https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix15v2.zip - Extract the
ZIP
file locally. - Using FTP or your control panel's file manager (cPanel / Plesk / Web & Classic), move the
session.php
file from your local machine toyour Joomla! install directory\libraries\joomla\session\session.php
. - Accept any dialogs that ask you to replace the existing file.