Hagaajinta nuglaanta muhiimka ah ee JCE, oo ah ku-darka CMS Joomla

JCE (Joomla Tifaftiraha Mawduuca), mid ka mid ah fidinta ugu da'da weyn uguna caansan nidaamka deegaanka JoomlaNuglaansho halis ah (CVE-2026-48907) oo u oggolaanaysa soo dejinta profile-ka iyada oo aan la xaqiijin ayaa la hagaajiyay. Weeraryahan ayaa ka faa'iideysan kara nuglaantaas si uu u rakibo profile kaas oo curyaaminaya hubinta nooca MIME isla markaana awood u siinaya soo dejinta script-ka PHP server-ka. Weeraryahannada ayaa la arkay iyagoo ka faa'iideysanaya nuglaantaas si ay u rakibaan qolof shabakadeed, kaas oo bixiya marin fog oo nidaamka ah.

Nuglaanta waxaa lagu xalliyay JCE 2.9.99.5, waxaana ku xigay cusboonaysiinta 2.9.99.6 oo leh adkeynta amniga. Nuglaanta waxay saameysaa dhammaan noocyada JCE (laga bilaabo JCE 2.9.99.5) Joomla 3 ku Joomla 6) Ka dib markaad rakibto cusbooneysiinta, waa inaad hubisaa in nidaamka aan la jabin iyo in weeraryahannadu aysan wax albaab dambe ah ku rakibnayn.

Waxaad ka hubin kartaa bog been abuur ah, kaas oo caadiyan leh magac aan macno lahayn oo si otomaatig ah loo soo saaray, is-dhexgalka maamulka ee hoos yimaada "Qaybaha" - "Tifaftiraha JCE" - "Profiles-ka Tifaftiraha." Sidoo kale waa inaad hubisaa in soo gelinta faylka PHP aan loo oggolaan dejinta "Fidinta Faylka Loo Ogolaaday" oo aad hubisaa diiwaanka codsiyada URL-ka soo dejinta profile-ka (index.php?option=com_jce&task=profiles.import). Joogitaanka faylasha .htaccess ee dhinac saddexaad iyo faylasha leh magacyo caadi u ah CMS-yada goobta ayaa sidoo kale tilmaami kara tanaasul. WordPressiyo ma Joomla, sida wp-config.php iyo wp-cron.php.

Source: opennet.ru

U soo iibso martigelin lagu kalsoonaan karo oo loogu talagalay bogagga leh ilaalinta DDoS, VPS VDS servers πŸ”₯ Iibso martigelin degel oo lagu kalsoonaan karo oo leh ilaalinta DDoS, VPS VDS servers | ProHoster