Joomla is a free Open Source Content Management System. This tool allows you to create and manage websites very simply and does not require any special technical knowledge. Joomla is ranked second, just behind Wordpress, in the ranking of the most used CMS in the world (6.2% of market shares). The tool counts more or less 30 million downloads since 2006 (1 download every 2.5 sec.). 2.8% of the sites in the world use Joomla CMS.
Like its competitors, it is possible to extend the features of the CMS by adding extensions. Joomla offers more than 9,400 extensions on its market place. Extensions are developed by members of Joomla community, which represents approximately 560,000 people. However, these ones are not always verified by professionals. They can cause vulnerabilities that could compromise your website availability and your data integrity.
In 2016, Joomla was hit successively by two security flaws deemed critical. These two flaws are referenced in the CVE system. The first, listed as CVE-2016-8870 , allows you to create one or several users due to a verification failure even if the administrator has disabled the process.
The second, identified by the code CVE-2016-8869 , was discovered few days later by the Joomla Security Strike Team (JSST) and could be used as a complement to the the first vulnerability. This second is particularly dangerous because it allows you to modify the privileges of a user account which could perform unauthorized actions.
In December 2015, the famous CMS had already faced a vulnerability that had serious repercussions. Due to a vulnerability present in version 3.4.6 of the CMS, a wave of attacks has affected the owners of Joomla website. The security company Sucuri revealed that the flaw has generated 16,000 attacks per day.
HTTPCS experts developed a plugin to identify and validate website. Once validated, it can be analyzed by our vulnerabilities detection technology. Aware of the impact caused by the vulnerabilities present in the CMS, our tool will enable you to ensure the security of your website despite the multiple updates of themes, plugins and the software itself. Do not wait to be victim of an attack to protect your website. Take a proactive approach using HTTPCS technology.
Our "HTTPCS Validation" plugin will be available for free soon. Once installed you will have to fill in some informations about your contact details. The plugin will make a unique file on your server which will allow the HTTPCS service to validate your website. This identification file is essential to our technology. Without it, you will not be able to launch the vulnerability scanner.