A few hours back Joomla! released version 3.4.5 of their CMS to address a critical unauthenticated SQL Injection vulnerability that was identified by Asaf Orpani, a security researcher of Trustwave.
The SQL injection can enable an attacker to gain full administrative access to a target website when combined with other security weaknesses in Joomla! CMS. The SQL injection was discovered in a core module of Joomla! CMS, therefore all websites running Joomla! CMS version 3.2.* to 3.4.4 are affected by this vulnerability.
The technical details of the SQL Injection vulnerability and several other variations of it can be found in:
Considering how easy it is to exploit this vulnerability, and the popularity of Joomla! CMS expect a widespread attack and thousands of Joomla! CMS websites to be hacked.
Both Netsparker Desktop and Netsparker Cloud web application security scanners can already detect this new critical SQL injection in Joomla! CMS, therefore you do no need to update or wait for updates from us.
Netsparker scanners can heuristically identify this new SQL injection in Joomla! CMS, therefore they do not simply flag the vulnerability by checking the version of Joomla! CMS you are running on your website.