sh404SEF Joomla Component
This article talks about the recent security vulnerability for the sh404SEF Joomla Component
There have been reports of Joomla sites being hacked because of a security vulnerability in the 3rd Joomla component sh404SEF. Under a particular set of circumstances, remote code execution was possible. Not all versions of the component have this security vulnerability, only versions 1.2.4. t, u and w. The components author has promptly addressed this security vulnerability and has uploaded some fixed files on Joomlacode.
The details for fixing this security vulnerability are as follows:
A – If you are using version up to and including 1.2.4s, there is no vulnerability, and you don’t need to take any action
B – If you are using version 1.2.4.t or version 1.2.4.u, you need to patch your site :
- Download the appropriate patch file from Joomlacode (sef404_t2.zip for version 1.2.4.t, or sef404_u2.zip for version 1.2.4.u)
- Unzip this file on your local computer. This will give you a sef404.php file
- Upload using ftp this new file into the /components/com_sef directory, replacing the existing one
C – if you are using version 1.2.4.w, you can either patch your site, or uninstall/re-install new version w2
Patching your site:
- Download the appropriate patch file from Joomlacode (sef404_w2.zip)
- Unzip this file on your local computer. This will give you a sef404.php file
- Upload using ftp this new file into the /components/com_sef directory, replacing the existing one
Installing new version:
- Download the new version 1.2.4.w2, available now from Joomla code
- Using Joomla installer, UN-install the current w version from your site
- Using Joomla installer, install the new version w2
- All settings and data will be preserved in this process
The author has also advised that he will be releasing next version of sh404SEF very soon.
Joomla! is the perfect Content Management System for managing and developing your website with one of WEB24’s cPanel Hosting plans.