Joomla!: Remote Command Execution Vulnerability (0-day: Dec. 12, 2015)

All Joomla!® users need to patch their installations due to a vulnerability discovered on Dec. 14, 2105.

To resolve this error, you need to find out which version of Joomla! you have, and then patch it.

Find your version of Joomla!

1. Log in to your Joomla! administrator panel at http://your Joomla! site/administrator
2. Scroll to the bottom of the page.

Your Joomla version number displays in the bottom-right corner.

Patch Joomla!

How you patch Joomla! depends on which version you have:

Joomla 3.x

To resolve this issue, you need to update your site to version 3.4.6.

1. In your Joomla! administrator panel, in the Maintenance section, click Joomla! 3.4.6, Update now!
2. Click Install the Update.

You will receive a confirmation once the update completes:

Joomla 2.5 & 1.5

To resolve this issue, you need to replace the following file:

1. Download the updated file, based on your version of Joomla!:

   Version	Link to download patched file
   2.5	https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix25v1.zip.
   1.5	https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix15v2.zip

2. Extract the ZIP file locally.
3. Using FTP or your control panel's file manager (cPanel / Plesk / Web & Classic), move the session.php file from your local machine to your Joomla! install directory\libraries\joomla\session\session.php.
4. Accept any dialogs that ask you to replace the existing file.