Joomla!: Remote Command Execution Vulnerability (0-day: Dec. 12, 2015)

All Joomla!® users need to patch their installations due to a vulnerability discovered on Dec. 14, 2105.

To resolve this error, you need to find out which version of Joomla! you have, and then patch it.

Find your version of Joomla!

  1. Log in to your Joomla! administrator panel at http://your Joomla! site/administrator
  2. Scroll to the bottom of the page.

Your Joomla version number displays in the bottom-right corner.

Patch Joomla!

How you patch Joomla! depends on which version you have:

Joomla 3.x

To resolve this issue, you need to update your site to version 3.4.6.

  1. In your Joomla! administrator panel, in the Maintenance section, click Joomla! 3.4.6, Update now!
  2. Click Install the Update.

You will receive a confirmation once the update completes:

Joomla 2.5 & 1.5

To resolve this issue, you need to replace the following file:

libraries\joomla\session\session.php
  1. Download the updated file, based on your version of Joomla!:
    Version Link to download patched file
    2.5 https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix25v1.zip.
    1.5 https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix15v2.zip
  2. Extract the ZIP file locally.
  3. Using FTP or your control panel's file manager (cPanel / Plesk / Web & Classic), move the session.php file from your local machine to your Joomla! install directory\libraries\joomla\session\session.php.
  4. Accept any dialogs that ask you to replace the existing file.

Apakah Artikel Ini Berguna?
Terima kasih atas masukan Anda. Untuk berbicara dengan perwakilan layanan pelanggan, hubungi nomor ponsel dukungan atau gunakan opsi chatting di atas.
Senang bisa membantu! Ada hal lain yang dapat kami lakukan untuk Anda?
Maaf tentang hal tersebut. Sampaikan apa yang membuat Anda bingung atau mengapa solusi tersebut tidak mengatasi masalah Anda.