Update your Joomla site… yet again.

“If you run a site powered by the Joomla content management system and haven’t yet applied a critical update for this software released less than two weeks ago, please take a moment to do so: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors,” says Brian Krebs.

Krebs on Security writes that Web security firm Versafe discovered an easily exploitable bug in the Joomla core. The exploit is already widely used. Joomla versions 2.5.14 and 3.1.5 fix a serious bug that allows unprivileged users to upload arbitrary .PHP files just by adding a “.” (period) to the end of PHP filenames.

The patch released on July 31, 2013 applies to Joomla 2.5.13 and earlier 2.5.x versions, as well as Joomla 3.1.4 and earlier 3.x versions.
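An added illustration of the filename problem described above (not Joomla's code, and not from Krebs or Versafe): a check that looks only at the text after the last dot sees an empty extension on a name ending in a period, while a check that strips trailing dots first does not. The blocklist, function names and sample filenames are constructed for this example, and the double-extension case goes beyond what the article reports.

```python
import os

# Constructed blocklist for this example; not Joomla's actual configuration.
BLOCKED_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def naive_is_blocked(filename: str) -> bool:
    """Check only the text after the last dot, as a simple filter might."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in BLOCKED_EXTENSIONS


def hardened_is_blocked(filename: str) -> bool:
    """Normalise the name first, then test every dot-separated segment."""
    name = os.path.basename(filename.replace("\\", "/"))
    # Trailing dots and whitespace carry no extension, so drop them
    # before deciding what the name really ends in.
    name = name.rstrip(". \t\r\n\x00").lower()
    segments = name.split(".")[1:]  # everything after the base name
    return any(seg.strip() in BLOCKED_EXTENSIONS for seg in segments)


def audit(filenames):
    """Return names the naive check accepts but the hardened check rejects."""
    return [f for f in filenames
            if not naive_is_blocked(f) and hardened_is_blocked(f)]


# Constructed sample of upload names, e.g. a listing of a media directory.
SAMPLE_UPLOADS = [
    "logo.png",
    "report.final.pdf",
    "gallery.php",     # rejected by both checks
    "gallery.php.",    # trailing period: the case the article describes
    "gallery.PHP..",   # same trick with mixed case and two periods
    "avatar.php.jpg",  # blocked extension placed before an allowed one
    "notes.",          # trailing period but nothing blocked underneath
]

if __name__ == "__main__":
    for name in audit(SAMPLE_UPLOADS):
        print("suspicious upload name:", name)
```

Running `audit` over a listing of an existing upload directory gives a quick list of names worth inspecting on a site that was unpatched for any length of time.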

Time to update!
