The SQL injection vulnerability is detected in Joomla 3.2–3.4.4. By exploiting the vulnerability remotely, an attacker can steal user database data (including user names, passwords, and logon credentials) and obtain Joomla backend permissions.
Perform a PoC test by running the following command to check whether your system is affected by the vulnerability:
/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&type_id=1&list[select]=(exp(~(select * from(select md5(1))x)))
If the message containing the
c4ca4238a0b923820dcc509a6f75849b string is returned, the system is affected.
How to fix
Upgrade to the official release of 3.4.5 or later. Log on to the backend to check upgrade, or download the official upgrade package at https://github.com/joomla/joomla-cms/releases and install it.
Note: Test the version in a test environment before you perform the upgrade.