31 Jul

2014

Joomla! Kunena Vulnerability Fixed on all SiteGround Servers

blog

Critical vulnerability in the famous Kunena forum component for Joomla! were announced three days ago and a new version of the component that addresses the issue was released. According to the official Kunena blog post all extension that are not updated to the latest version are vulnerable and the attackers may use XSS and SQL injection to gain full access to a Joomla! site.

Immediately after the Kunena team tweeted about the issue SiteGround security team took rapid actions to protect all customers hosted on our servers. I have personally contacted the developers of the component and we worked together to write special rules for our web application firewall that will filter out all malicious requests that try to take advantage of this exploit.

Even though we protected all of our customers, no matter which version of Kunena they use, we still advise all users to upgrade their Kunena component to the latest stable version 3.0.6 in which the issue is fixed.

Author: Daniel Kanchev

Senior Web Apps Engineer and Performance Specialist

My challenging job is closely related to all kinds of Free and Open-Source Software products (some of my favorites are WordPress, Joomla!, Magento, Varnish and Apache mod_security). As a Web security and performance freak I am always hyper focused on solving all kinds of issues and improving our services.

Favorite Tweets

Facebook