Home Guides Glossary

Joomla!: Remote Command Execution Vulnerability (0-Day: Dec. 12, 2015)

All Joomla!® users need to patch their installations due to a vulnerability discovered on Dec. 14, 2105.

To resolve this error, you need to find out which version of Joomla! you have, and then patch it.

Find your version of Joomla!

  1. Log in to your Joomla! administrator panel at http://your Joomla! Website/administrator
  2. Scroll to the bottom of the page.

Your Joomla version number displays in the bottom-right corner.

Patch Joomla!

How you patch Joomla! depends on which version you have:

Joomla 3.x

To resolve this issue, you need to update your Website to version 3.4.6.

  1. In your Joomla! administrator panel, in the Maintenance section, click Joomla! 3.4.6, Update now!
  2. Click Install the Update.

You will receive a confirmation once the update completes:

Joomla 2.5 & 1.5

To resolve this issue, you need to replace the following file:

libraries\joomla\session\session.php
  1. Download the updated file, based on your version of Joomla!:
    Version Link to download patched file
    2.5 https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix25v1.zip.
    1.5 https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix15v2.zip
  2. Extract the ZIP file locally.
  3. Using FTP or your control panel's file manager (cPanel / Plesk / Web & Classic), move the session.php file from your local machine to your Joomla! install directory\libraries\joomla\session\session.php.
  4. Accept any dialogs that ask you to replace the existing file.

Domain Registration

Pay less for website domain names. Register your own .com, .net or .org for as low as $10.18 per year. We have everything you need to get online with your new domain.

Website Builder

Build an amazing website in just under an hour with Website Builder. Take advantage of designs created just for your industry and then customize them to reflect your one-of-a-kind idea.

Website Security

Protect your website and keep customers safe. Your comprehensive Website Security solution. Get peace of mind by securing your websites. We fix hacks to help prevent attacks.

cPanel Hosting

Everything needed to give your website the high-performance home it deserves.  Protect transactions and secure your customer's data with a SSL Certificate
Copyright © 2005 - 2022. All rights reserved. Privacy Policy