Charlottezweb

General Conversation => Script Chat => Topic started by: Jason on October 23, 2015, 05:36:49 PM

Title: Joomla Security Notice :: October 23, 2015
Post by: Jason on October 23, 2015, 05:36:49 PM
Joomla sent out a security notice today.

Visit their security center here for full details:

http://developer.joomla.org/security-centre.html

Quote
Joomla! Security News
________________________________________
•   [20151001] - Core - SQL Injection
•   [20151002] - Core - ACL Violations
•   [20151003] - Core - ACL Violations

[20151001] - Core - SQL Injection
Posted: 22 Oct 2015 12:00 PM PDT
> Project: Joomla!
> SubProject: CMS
> Severity: High
> Versions: 3.2.0 through 3.4.4
> Exploit type: SQL Injection
> Reported Date: 2015-October-15
> Fixed Date: 2015-October-22
> CVE Numbers: CVE-2015-7297, CVE-2015-7857, CVE-2015-7858
Description
Inadequate filtering of request data leads to a SQL Injection vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.4
Solution
Upgrade to version 3.4.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Asaf Orpani of Trustwave and Netanel Rubin at PerimeterX

[20151002] - Core - ACL Violations
Posted: 22 Oct 2015 12:00 PM PDT
> Project: Joomla!
> SubProject: CMS
> Severity: Moderate
> Versions: 3.2.0 through 3.4.4
> Exploit type: ACL Violation
> Reported Date: 2015-October-15
> Fixed Date: 2015-October-22
> CVE Number: CVE-2015-7859
Description
Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access restricted.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.4
Solution
Upgrade to version 3.4.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: JSST

[20151003] - Core - ACL Violations
Posted: 22 Oct 2015 12:00 PM PDT
> Project: Joomla!
> SubProject: CMS
> Severity: Moderate
> Versions: 3.0.0 through 3.4.4
> Exploit type: ACL Violation
> Reported Date: 2015-October-15
> Fixed Date: 2015-October-22
> CVE Number: CVE-2015-7899
Description
Inadequate ACL checks in com_content provide potential read access to data which should be access restricted.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.4.4
Solution
Upgrade to version 3.4.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: JSST