Joomla 2.5.5 released (security update)

Joomla 2.5.5 was just released today, with a few bugs fixed and 2 important security updates for a privilege escalation and an information disclosure issue:

1- Privilege escalation

High severity security issue, that allows unprivileged users to get admin access to a site running Joomla.

2- Information Disclosure

This is a low severity security issue that leaks internal information about the database, internal paths and PHP info.

More information about this release here: Joomla 2.5.5 released

Remember, the leading cause for web site compromises is outdated software! So as a web site owner, you have to do your part to minimize risk and keep your site (and your users) safe. Update now!

Sitecheck was also updated to alert users not running version 2.5.5 on their Joomla sites.

David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

When malware injection goes wrong

Ben Martin
February 23, 2017

Today while scanning a client’s website, I found a failed attempt by attackers to hide the location of a backdoor. It is very common for…

Read the Post

Internet Cookies: What Are They and Are They Good or Bad?

Victor Santoyo
August 26, 2019

Cookies! I LOVE Cookies. Oatmeal raisin are one of my particular favorite flavors. However, we’re not here to talk about baked goods as much as…

Read the Post

The Impacts of Zero-Day Attacks

Gerson Ruiz
February 28, 2018

Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch available to prevent hackers from…

Read the Post

Website Security

Analysis of a Malicious Blackhat SEO Script

Krasimir Konov
April 26, 2018

An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over…

Read the Post

Whitespace Steganography Conceals Web Shell in PHP Malware

Denis Sinegubko
February 2, 2021

Last November, we wrote about how attackers are using JavaScript injections to load malicious code from legitimate CSS files. At first glance, these injections didn’t…

Read the Post

Understanding Website SQL Injections

Ashley Sand
January 17, 2022

SQL injection is one of the most common types of web hacking techniques used today. As data breaches continue to happen to some of the…

Read the Post

Legacy Mauthtoken Malware Continues to Redirect Mobile Users

Krasimir Konov
November 4, 2020

During malware analysis, we regularly find variations of this injected script on various compromised websites: . The variable “_0x446d” assigns hex encoded strings in different…

Read the Post

Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2

Ben Martin
June 30, 2021

In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the…

Read the Post

Referral Program Update – Now Offering Agency Plan

Chase Watts
May 18, 2018

Sucuri’s main objective is to make the internet a safer place for everyone. With that in mind, we created a Referral Program, which gives you…

Read the Post

WordPress Vulnerability & Patch Roundup December 2022

Rodrigo Escobar
December 28, 2022

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…

Read the Post

Related Categories

You May Also Like