Last week a report began surfacing regarding a flaw in older versions of Joomla's content management system (CMS). Italian researcher Alessandro Groppo is credited with discovering the bug, and he states that it affects versions 3.0.0 through 3.4.6, released between September 2012 and December 2015. A proof-of-concept has been posted online, and the vulnerability is rather easy to exploit. The bug is a PHP object injection, which can lead to Remote Code Execution (RCE) depending on the situation. It is being compared to another common Joomla exploit, CVE-2015-8562, which is also a PHP object injection, but the two are not related. CVE-2015-8562 only worked against servers running PHP versions earlier than 5.4.45, 5.5.29, and 5.6.13, whereas the newly discovered vulnerability does not depend on the server environment; so even though it affects a smaller number of sites, it would have a broader impact. However, the developers appear to have addressed both issues when they released the patch for CVE-2015-8562.
Binary Defense was contacted by an individual who was recently scammed out of $4,000 through