Joomla Security Issues: Top 5 Deadly Attacks on Joomla Site

Joomla is a popular CMS that outdoes its rivals in adaptability and flexibility, and it strikes a balance between the two extremes of WordPress and Drupal. However, just like every other CMS, Joomla has had its fair share of security vulnerabilities. Attackers have compromised Joomla sites worldwide from time to time through different Joomla security issues. According to the official Joomla Magazine:

Joomla! is fast becoming one of the most popular content management systems in the world, powering almost 3% of the web and exceeding 30 million downloads – the chances are during your day you probably browse at least one website using Joomla!. Many businesses rely on Joomla! for their web presence, but often business owners are not empowered to ensure that their website is being managed properly, or is up to date with the latest security patches.

This article explains some commonly found vulnerabilities in the Joomla core files and Joomla plugins.

Joomla Security Issues: Cross-Site Scripting

A Joomla XSS is a security issue caused by a lack of input filtering. This flaw allows an attacker to trick victims into executing malicious JavaScript code on Joomla pages. This code can be used for cookie stealing, phishing, keylogging, etc.

One such security issue found in Joomla was dubbed CVE-2019-12766. The vulnerable component was the subform field type, which lacked proper input filtering. All versions of Joomla below 3.9.7 were affected. Another such flaw was CVE-2019-6263, for which even an exploit is available!

Joomla Security Issues: SQL Injection

Joomla SQL injection is just as common as XSS. Both are caused by a lack of proper input filtering. Attackers can use an SQLi to manipulate the contents of your database entirely. This means deleting tables, reading sensitive admin tables and even modifying them. In some cases, a Joomla SQLi bug can also be used to run shell commands.

A core SQLi vulnerability, dubbed CVE-2018-8045, was found in Joomla 3.5.0 to 3.8.5. It was caused by a lack of typecasting of a variable in the User Notes List View. However, when it comes to other components of Joomla, SQLi is rampant due to poor coding practices. For instance, the Joomla extension ARI Quiz 3.7.4 was found vulnerable to SQLi. The vulnerable parameter was categoryId. Look at the URLs given below for reference.

[Image: Joomla security issue]

Exploit-DB houses a large list of exploits for such vulnerable components. So if you are using any of them, uninstall now!
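The missing typecast described above, shown next to its corrected form. This is an added example in plain PHP, not Joomla's own code; the notes table, the catid column and the sample request value are constructed, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added illustration, not Joomla source. Table, column and input values are
// constructed. Uses an in-memory SQLite database so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, catid INTEGER, body TEXT)');
$db->exec("INSERT INTO notes (catid, body) VALUES (1, 'public note'), (2, 'restricted note')");

// Weak: the request value is concatenated into the SQL text without a cast,
// so anything after the number is parsed as SQL.
function notesUnsafe(PDO $db, $categoryId): array
{
    $sql = 'SELECT body FROM notes WHERE catid = ' . $categoryId;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: cast to int, then bind the value as a typed parameter so it can
// never change the structure of the query.
function notesSafe(PDO $db, $categoryId): array
{
    $stmt = $db->prepare('SELECT body FROM notes WHERE catid = :catid');
    $stmt->bindValue(':catid', (int) $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request value: a category id followed by extra SQL.
$input = '1 OR 1=1';

// The unsafe version lets the trailing text widen the WHERE clause.
echo 'unsafe rows: ', count(notesUnsafe($db, $input)), PHP_EOL;

// The safe version reduces the value to an integer before it reaches the query.
echo 'safe rows:   ', count(notesSafe($db, $input)), PHP_EOL;
```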


Joomla Security Issues: Remote Code Execution

A Joomla RCE is a security issue that occurs when a malicious command is injected within a string or a file and the language parser executes it. This security issue can lead to a complete takeover of your Joomla site as the attacker can execute any arbitrary malicious code.

One such RCE vulnerability, dubbed CVE-2018-17856, was found in Joomla versions below 3.8.13. It was caused by a faulty Joomla update component called com_joomlaupdate. However, admin privileges were needed to exploit it. Among Joomla extensions, a large number are found to be vulnerable in this way. For instance, the vBizz 1.0.7 extension of Joomla contained an RCE bug.

Joomla Security Issues: Cross-Site Request Forgery

As the name suggests, a Joomla CSRF bug allows an attacker to execute unwanted actions on the site, like deleting the contents of a page. The attacker has no means to see the response of the request, yet this can prove fatal as it can delete accounts, transfer contents from one account to another, etc.

Joomla versions before 3.9.5 suffered from a CSRF bug dubbed CVE-2019-10945. This was also a directory traversal bug which could be exploited to conduct CSRF. A directory traversal Joomla security issue allows attackers to read files outside the www directory. The vulnerable component was the Media Manager, which allowed directory traversal as well as CSRF attacks through the folder parameter.
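The two checks that such a handler needs, a CSRF token comparison and confinement of the folder value to a base directory, as an added example in plain PHP. It is not Joomla's own code; the token and folder field names, the session layout and the temporary demo directory are constructed.

```php
<?php
// Added illustration, not Joomla source. The 'token' and 'folder' field names,
// the session layout and the demo directory are constructed.

// Resolve $folder under $baseDir; return null if it escapes the base.
function resolveFolder(string $baseDir, string $folder): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks.
    $target = realpath($base . DIRECTORY_SEPARATOR . $folder);
    if ($target === false) {
        return null;
    }
    $inside = strpos($target, $base . DIRECTORY_SEPARATOR) === 0;
    return ($target === $base || $inside) ? $target : null;
}

function handleFolderRequest(array $session, array $post, string $baseDir): string
{
    // CSRF: the state-changing request must echo the per-session secret.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['token'] ?? '';
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return 'rejected: missing or wrong CSRF token';
    }
    $folder = $post['folder'] ?? '';
    $dir = is_string($folder) ? resolveFolder($baseDir, $folder) : null;
    if ($dir === null) {
        return 'rejected: folder is outside the media root';
    }
    return 'accepted: ' . $dir;
}

// Constructed demo: a temporary media root with one sub-folder.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'media_' . bin2hex(random_bytes(4));
mkdir($root . DIRECTORY_SEPARATOR . 'images', 0700, true);
$session = ['csrf_token' => bin2hex(random_bytes(16))];
$token = $session['csrf_token'];

echo handleFolderRequest($session, ['folder' => 'images'], $root), PHP_EOL;
echo handleFolderRequest($session, ['folder' => '../..', 'token' => $token], $root), PHP_EOL;
echo handleFolderRequest($session, ['folder' => 'images', 'token' => $token], $root), PHP_EOL;
```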

Joomla Security Issues: Privilege Escalation

A Joomla privilege escalation is a vulnerability that allows attackers to elevate their status on the server. For instance, an attacker who is a normal registered user on the site can escalate privileges to run commands as an administrator of your Joomla site! Joomla was affected by a serious privilege escalation flaw dubbed CVE-2016-8869. The vulnerable file was controllers/user.php. The register method of this file, which belonged to the UsersModelRegistration class, was responsible for the privilege escalation. Attackers could inject unfiltered data to escalate privileges while registering on the Joomla site. Exploiting this bug has become easier now as there is a Metasploit module available to accomplish the same!
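Why unfiltered registration data leads to privilege escalation, and how an allow-list of fields prevents it, as an added example in plain PHP. It is not Joomla's own code; the field names, group names and sample form are constructed.

```php
<?php
// Added illustration, not Joomla source. Field names, group names and the
// sample form are constructed.
const REGISTRATION_FIELDS = ['name', 'username', 'email', 'password'];
const DEFAULT_GROUP = 'registered';

// Weak: every submitted key is copied onto the new account record, so the
// client decides which attributes the account gets.
function registerUnsafe(array $form): array
{
    return array_merge(['groups' => [DEFAULT_GROUP]], $form);
}

// Hardened: copy only allow-listed string fields; group membership is
// assigned on the server and never read from the request.
function registerSafe(array $form): array
{
    $user = [];
    foreach (REGISTRATION_FIELDS as $field) {
        if (!isset($form[$field]) || !is_string($form[$field])) {
            throw new InvalidArgumentException("missing or invalid field: $field");
        }
        $user[$field] = $form[$field];
    }
    $user['groups'] = [DEFAULT_GROUP];
    return $user;
}

// Constructed submission carrying one key the registration form never offered.
$form = [
    'name'     => 'Test User',
    'username' => 'test',
    'email'    => 'test@example.com',
    'password' => 'constructed-password',
    'groups'   => ['administrator'],
];

echo 'unsafe groups: ', implode(',', registerUnsafe($form)['groups']), PHP_EOL;
echo 'safe groups:   ', implode(',', registerSafe($form)['groups']), PHP_EOL;
```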

Conclusion

This is just a list of common Joomla security issues. There are still many social engineering attacks and server misconfiguration flaws that can compromise your Joomla site, but covering each one of them is beyond the scope of this article. The best remedy for all of these attacks is a security solution like the one Astra Security Suite provides. Astra Firewall is known to block the above-mentioned attacks and 100+ more upcoming threats. With Astra's on-demand malware scanner, you can scan your website in just a few minutes. You can get an Astra demo here!
