The Joomla project just announced two new security releases for the Joomla 1.5 and Joomla 1.7 branches. Both releases are marked “High Priority – Core – Password Change Vulnerability”. Looking into the details, it may apparently be possible for someone to exploit the “Forgot Password” system to change a user's password and gain access to the site.
In addition to the issue above, the 1.7.3 patch also includes another minor XSS security fix in the administration area and 77 bug fixes, so upgrade today.
Sysgen Media highly recommends that all users of Joomla upgrade to the latest release on their branch as soon as possible. We also maintain that users should generally keep up to date with the latest security releases for any open source software platform.
Sysgen Media is also able to help facilitate an update of your site. Rates vary depending on the version of Joomla you currently have, as well as the size of the site and the number of extensions that may be in use. If you are interested, please contact us today.
