On March 13, 2018, Joomla! released a security update in version 3.8.6. This update addresses a SQLi vulnerability found in the User Notes component. The notes section allowed for malicious code to be passed to the database. The update released by Joomla! limits input into the notes field to plain text and disallowing code. It is highly recommended that Joomla! users update their applications as soon as possible to address this vulnerability and avoid possible compromises. Thanks to its included continuous scanning, SiteLock Infinity users will have their applications patched quickly and automatically.
In addition to the SQLi vulnerability fix, version 3.8.6 included 60 other bug fixes and feature updates including:
- Session management improvements
- Hide configuration and system information from non-super users
- Delete existing passwords when user passwords are changed
- PHP 7.2 compatibility fixes
In order to take advantage of bug fixes and improved features, users must complete the full version upgrade even if they have patching services.
If you’re interested in automated patching services for your Joomla! site, contact us today and ask about SiteLock Infinity. We are available 24/7 at 855.378.6200.