We’ve been alerted to a new vulnerability within Joomla and the JCE editor. The exploit allows a hacker to upload a file via the JCE and gain full access to the site. The vulnerability makes it possible to upload PHP Scripts within images.
If you are running Joomla on your site, we’d recommend taking the following steps:
- Update JCE to the latest version as soon as possible, especially if you are using JCE 1.5 or any version before JCE 2.1.1.
- Update your core instance and keep it up to date with any new releases.
- Consider using a service such as Watchful.li to ensure your Joomla instance and extensions stay up to date and secure.
- Consider adding Backups to your hosting with us to ensure you always have a working history of your site/server to fall back on should they be required.
The above steps of ensuring your Content Management System, plugins and backups are all up to date is always worth ensuring no matter if you are using Joomla or another platform such as WordPress etc.