Description
The Joomla security team have released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. Browser information is not filtered properly while saving the session values into the database which leads to a remote code execution vulnerability.
Remediation
Upgrade to Joomla! CMS version 3.4.6. If you are using the old (unsupported) versions 1.5.x and 2.5.x, you have to apply the hotfixes listed in the Web references section.
References
Security hotfixes for Joomla EOL versions
[20151201] - Core - Remote Code Execution Vulnerability
Critical 0-day Remote Command Execution Vulnerability in Joomla
Related Vulnerabilities
WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2)
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder
Server-Side Template Injection
Jboss Application Server HTTPServerILServlet.java remote code execution
WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)