Tag Archives: Joomla! Security

Critical Vulnerability in Joomla! HD FLV Player Plugin

We’ve been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched only Joomla! and WordPress, leaving the custom website version vulnerable. Furthermore, websites running this plugin are also at risk of being abused to send spam emails, an issue which wasn’t fixed in More Info »

JoomDonation Compromised

We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into JoomDonation. The emails went to the proper account registered in there and contained the full names, so it looks like JoomDonation did in fact got breached. This is the full More Info »

Deep Dive into the HikaShop Vulnerability

It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website. How Does Object Injection Work? Object Injection occurs when raw user input is passed to an unserialize() function call. When this happens, More Info »

The Psychology Behind Why Websites Get Hacked

It’s an everyday conversation for security professionals that interact with everyday website owners. The one where we have to explain that just because everything seems fine, doesn’t mean that the best security practices shouldn’t be followed, or that being safe so far doesn’t grant future invincibility. The question, “Why should I worry?” is heard so More Info »

Security Advisory – Hikashop Extension for Joomla!

Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In a routine audit of our Website Firewall we discovered a serious vulnerability within the Hikashop ecommerce product for Joomla! allowing remote code execution on the vulnerable website[s]. What are the risks? This More Info »