Yesterday a security fix was released for Joomla!, the popular content management system. It fixes a single vulnerability, CVE-2017-8917, which allows an attacker to execute arbitrary SQL queries against the application database. Successful exploitation allows an attacker to gain complete control over a vulnerable site.
The flaw was discovered by experts from Sucuri in the new component "com_fields", which appeared in Joomla! 3. Because the component is intended for public use, any visitor to the site can exploit the SQL injection and compromise a vulnerable site. Because the vulnerability is so easy to exploit, we expect another epidemic of site compromises and data leaks soon.