The Joomla Security Strike Team has come up with a Security Update for the 1.5 Stable release. The 1.5.13 version will cover 2 security holes, one being moderate and the other is a critical security update. All the versions of 1.5x series up to v1.5.12 are vulnerable.

Security Holes

Core | JEXEC check : Some files were missing the check for JEXEC allowing the scripts to expose the internal path information of the host. The severity of this Security hole is moderate, though, it is recommended to upgrade as there’s yet another vulnerability in the Core TinyMCE editor.

Core | TinyMCE Editor : The Tiny Browser tool allowed Image Files to be uploaded and removed without the need to login.

Solution

Downloading the Security Release v1.5.13 will solve these issues.

1.5.13 Full Package | 6.4MB | ZIP – Download

1.5.12 to 1.5.13 Files | 113KB | ZIP – Download

Users who have used Automated Installers like Fantastico / Installatron / Softaculous will have to wait for a day or two to upgrade from there.