Security Alerts

The United States Computer Emergency Readiness Team has released a new security alert. The affected software includes multiple Joomla! components. If you are using any of the following components, please upgrade immediately.

November 5, 2009

The Joomla! Core Team has announced the immediate availability of Joomla 1.5.15. We have also released version 1.2.7 of the Updater, an interim release while 2.0 (codename Djinnstaller) is being readied for release. Read on for more Joomla! news ...

Joomla! 1.5.10 has been released, and now is available to Pro users of the Intellispire Software Installer.

As 1.5.9 is a security update that fixes a major vulnerability, it is important that you perform your updates as soon as possible.

To upgrade, please follow these steps:

Joomla! 1.5.8 has been released, and now is available to Pro users of the Intellispire Software Installer.

Yesterday the Joomla! Core team released J! 1.5.7. This is a security release, and is a strongly recommended update.

http://www.joomla.org/announcements/release-news/5212-joomla-157-security-release-now-available.html

Read the rest of this article for immediate upgrade instructions.

The Joomla! core team has released version 1.5.6 of the Joomla! CMS. This is a security release, and it is a mandatory, immediate upgrade. The rest of this article focuses on the attack itself, what you can do to secure your site, and where to get help if you need it.

2008-06-27 exp_shop_component [more info]
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.