RSS Feed
News
Oct
28
Joomla SQL Injection Attacks
Posted by Jeff H. on 28 October 2015 11:19 AM

Joomla SQL Injection Attacks

Security groups have reported a spike in Joomla based attacks over the past week.

 

An SQL injection attack allows a remote attacker to execute SQL statements against your database.  

 

If you run Joomla, check that your site is fully patched.

 

You can find more details here:

Truswave Report

Sucuri Report

 

There are multiple CVE's that relate to this issue.  These will be updated as more details emerge.

CVE-2015-7297

CVE-2015-7857

CVE-2015-7858

 

Web Application Firewalls

If you cannot update your application, we may be able to assist you in setting up a Web Application Firewall (WAF) service.   We work with a few different companies depending on your needs.  Cost range from $35-150/mo.  A WAF intercepts suspect traffic before it reaches your site.   This can give you more time to patch your software and prevent future attacks.

 


Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).