Joomla is one of the most popular frameworks for building websites. One of the characteristics of Joomla is that it can work with a number of older versions of PHP, which unfortunately comes with a risk.
Recently Joomla closed a number of critical vulnerabilities which occur only when using older PHP versions. The vulnerability itself allows attackers to insert rogue PHP code in your website which can then be used to perform all sorts of undesired tasks. This vulnerability is currently being abused by attackers to send out spam via hacked sites.
Only those websites for which the following conditions are true are vulnerable:
1. The website uses an older Joomla version (version 3.4.6 or lower)
2. The website uses an older PHP version (version 5.4.45 or lower, version 5.5.29 or lower or version 5.6.13 or lower)
Does your website meet both conditions?
Then we urge you to update your Joomla install to the newest version as soon as possible. This will close the vulnerability and secure your website for this bug. We however advise you to upgrade your PHP version if possible.
Has your website already been attacked or are there any indications of a hack such as notifications of spam being sent from your system?
Chances are you may have to restore a previous installation from a backup; it is not always possible to remove the rogue code from your site. Please contact the Service Desk so we can work together to identify the available options.
Does your website run an older Joomla version but your PHP version is newer than the vulnerable versions listed above?
Your site is not vulnerable against this issue. We do however advise you to upgrade your Joomla install if possible.
Does your website run an older version of PHP but your Joomla install already runs on version 3.4.7 or newer?
Your site is not vulnerable against this issue. We do however advise you to upgrade your PHP version if possible.
Does your website run PHP version 7?
Your site is not vulnerable against this issue. Should you run an older version of Joomla we do advise you to upgrade to the newest version.