Joomla! 1.0.3 Critical Vulnerability
From postings on the forum, it is clear that some Joomla! users are still operating sites with Joomla! 1.0.3
If you are running 1.0.3 and below you MUST upgrade to at Least 1.0.4
1.0.3 and below contains a Critical Security Vulnerability (our highest security warning), which can lead to unauthorized users gaining access to your site. There have been numerous reports of sites being attacked through this vunerability and Hackers are specifically targetting and testing Joomla! sites for this vulnerability. If you are upgrading we would advise you to upgrade directly to Joomla! 1.0.8
Recent Mambo Threats
There have been two (2) security vulnerabilities reported in Mambo that have caused some concern to Joomla! users. One is an F-Secure Report, the other a Gulftech Report.
Our internal testing and contacts with the security bodies (who discovered the vulnerabilites) have shown that Joomla! is NOT vulnerable to either of these two threats.
This has been discussed here:
- Linux Worm targetting Mambo, is about an already fixed one year old vulnerability
- Joomla! 1.0.x is not affected by recent Mambo Vulnerability