Yesterday the Webtivity Team was discussing the security vulnerabilities that have plagued the Joomla! CMS since its introduction. We have never felt comfortable recommending Joomla! as a suitable website platform because of this.
I regularly monitor the Security Blogs for any exploits pertaining to popular Web Applications, and I hadn’t seen a major security vulnerability to the Joomla! Core in over a year.
Just as I thought Joomla! was getting their stuff together, in some uncanny form of Security Blog Telepathy, 8 new security vulnerabilities were announced on the Joomla! Developer Security Blog within 24 hours. Two of these vulnerabilities are critical: a SQL Injection vulnerability and an Unauthorized Access vulnerability. Both of these vulnerabilities could allow an attacker to gain full control of the website and its content.
If your website Content Management System was built with the Joomla! 1.6 platform, upgrade to the latest version (1.6.2) immediately. Unfortunately, there have also been issues with upgrading Joomla! in the past, so be sure your website and database are completely backed up before you attempt an upgrade, so that you can immediately restore your website if something goes wrong with the upgrade.