What is Joomla?
Joomla, also officially called Joomla! or simply J!, is a free, open-source CMS (content management system). Like the famous WordPress, Joomla was created for publishing content on websites, the difference being that WordPress is less technical and more blog-focused. Another distinguishing factor for Joomla is that it was built entirely by volunteers and is continuously evolving as a truly free, open-source solution. According to the official Joomla website, “Joomla! is a free and open-source content management system (CMS) for publishing web content. Over the years Joomla! has won several awards.” Furthermore, “Joomla! is one of the most popular website softwares, thanks to its global community of developers and volunteers, who make sure the platform is user friendly, extendable, multilingual, accessible, responsive, search engine optimized and so much more.” Joomla is the second most popular CMS: according to official statistics, it powers around 2% of all websites, whereas this figure is over 40% for WordPress. Joomla led the CMS product race until 2010, when it was permanently overtaken by CMS giant WordPress.
Information Concerning The Software Vulnerability
On August 24th, 2021, a high-risk, high-severity software vulnerability was reported on the Joomla! Developer Network. This vulnerability can potentially allow a remote attacker to gain unauthorized access to otherwise restricted functionality. The vulnerability was first discovered on the 20th of August, 2021, and was reportedly fixed as of today.
In-Depth Details Surrounding The Vulnerability
This vulnerability was assigned the CVE ID CVE-2021-26040. It is an ‘improper access control’ vulnerability caused by improper access restrictions in the ‘com_media’ deletion endpoint. A remote attacker can bypass the implemented security restrictions and then delete arbitrary files on a vulnerable system.
Important User Information
This software vulnerability affects Joomla software version 4.0.0, and a patch was released today, August 24th, 2021, to remediate the security flaw. A security researcher by the name of ‘Maverick’ contributed to the resolution of this issue. Users of Joomla CMS version 4.0.0 should immediately upgrade to version 4.0.1 to fix this software vulnerability.
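To find which sites on a server still run the affected release, the following added example (not code from the Joomla project or from the original article) walks a web root and reads each installation's version. It assumes the core version is recorded in `administrator/manifests/files/joomla.xml` under each site root; the function names and status labels are hypothetical.

```python
"""Inventory Joomla installs under a web root; flag the release named in the advisory."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: core version lives in this manifest, relative to each site root.
MANIFEST = "administrator/manifests/files/joomla.xml"
AFFECTED = {(4, 0, 0)}  # the only release the advisory text lists
FIXED = "4.0.1"         # upgrade target given in the advisory text


def parse_version(text):
    """Turn 'X.Y.Z' into a tuple of ints; None for anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def read_version(manifest_path):
    """Return the version tuple from a manifest, or None if unreadable."""
    try:
        node = ET.parse(manifest_path).getroot().find("version")
    except (OSError, ET.ParseError):
        return None
    return parse_version(node.text or "") if node is not None else None


def scan(web_root):
    """Yield (site_root, version, status) for each manifest below web_root."""
    for manifest in sorted(Path(web_root).rglob(MANIFEST)):
        version = read_version(manifest)
        if version is None:
            status = "unknown"      # missing/malformed version: check by hand
        elif version in AFFECTED:
            status = "affected"
        else:
            status = "not-listed"   # the advisory text names no other release
        yield manifest.parents[3], version, status


if __name__ == "__main__":
    for site, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        label = ".".join(map(str, version)) if version else "?"
        hint = f" -> upgrade to {FIXED}" if status == "affected" else ""
        print(f"{status:10} {label:8} {site}{hint}")
```

Run it with the web root as the only argument; sites reported as `unknown` have a missing or malformed manifest and need a manual check.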