Promanage IT Solutions
By combining the two vulnerabilities mentioned above, hackers can take control of the whole Joomla website. They achieve this by uploading a PHP shell, which allows them to execute their own commands on the server. Such a scenario is nothing short of a nightmare for any Joomla developer, who will be held responsible by the client for the compromise of the network.
Joomla developers have downplayed the attack scenarios envisioned by Fortbridge researchers, saying that the researchers exploited configurations that are now obsolete. Compared with the password reset vulnerability, the XSS vulnerability is the more common of the two, and hackers have actually used it in different scenarios. Several data breach incidents point to hackers using this kind of strategy to compromise the security of Joomla websites. In February 2021, the world was shocked to learn about the Accellion incident, in which hackers used an XSS vulnerability to carry out a successful data breach.