JCE/Image Manager vulnerability? NOT on SiteGround servers anymore!

You should always update!

Few days ago our security team has come across a JCE related vulnerability that has the potential to affect many Joomla 1.5.x based websites. The problem is that an old version of one of the JCE addons called ImageManager has turned out to be vulnerable to attacks. The number of the affected websites is big, because many templates  providers include the JCE editor together with ImageManager as part of their template bundle installations. So many Joomla users have these extensions without having installed them themselves.

After we noticed that few of our customers are hacked this way, we have immediately intervened in order to prevent this from spreading on our servers. Our security team has added custom rules to our Apache servers that will block any attempts for hacking Joomla 1.5 sites through this security hole. In addition, files with malicious code have been identified and removed immediately. If you’re a SiteGround user and think your website is compromised, please contact our Technical Support Team and we will take a look at it immediately.

However, we strongly recommend that all Joomla 1.5 users check if JCE with ImageManager is included in their installation and make sure to update both to their latest versions.

And another side note: if you use Joomla 1.5 you should seriously consider moving to Joomla 2.5 as soon as possible. The whole 1.5 branch is no longer supported by Joomla and though it has been stable for a long time and has no known security issue at the moment, if one occurs in the future (say tomorrow) it will not be fixed. So as always the number one rule to stay safe is: always use up-to-date applications and extensions so you stay one step ahead of the hackers!

Access email sent!

Sign Up For
More Awesome Content!

Subscribe to receive our monthly newsletters with the latest helpful content and offers from SiteGround.

Thanks!

Please check your email to confirm your subscription.

Hristo Pandjarov

Product Innovation Director

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

Comments ( 10 )

author avatar

Asad

Jan 24, 2013

With some updates I am satisfied that I am more ''hack-proof'' with my 2.5 rather than the 1.5!

Reply
author avatar

Amila

Jan 29, 2013

Great work SG, This has troubled me on more than 1 site!

Reply
author avatar

Seth

Jan 30, 2013

I was troubled too but I was able to reinstall a backup and patch so as to prevent. It's nice to know that SiteGround has instituted a policy to aid in better protection.

Reply
author avatar

Alan

Feb 10, 2013

Many sites that I maintain are Joomla 1.5 setups, and while we try to keep them up to date a few slip through the cracks and were compromised not too long ago. I wish we had them hosted here, but they usually already have a host setup when we bring them on. At least I know my site is safer than most...

Reply
author avatar

amjad

Mar 17, 2013

many sites that i maintain are html and php setups, and while we try to keep them up to date a fw slip through the cracks and were compromised not too long ago. but jce images is first time see.

Reply
author avatar

jonas oliveira

Mar 22, 2013

Hoje desconbri que 5 sites meus foram invadido por Hackers, tudo depois que instalei o JCE 2.0... usava a versão 1.5.7.4 e nunca tive problema

Reply
author avatar

amit

Apr 16, 2013

thanks.

Reply
author avatar

Sheogorath

Jul 25, 2013

The problem is that an old version of one of the JCE addons called ImageManager has turned vulnerable to attacks. Bull####! The real problem is that an old version of one of the JCE addons called ImageManager was always vulnerable to attacks, but the vulnerability wasn't known about until recently, when it was first discovered by those who would exploit it maliciously. How come someone who's technically retarded and knows little about computers understands these facts better than you?

Reply
author avatar

Hristo Siteground Team

Jul 25, 2013

Thank you for the feedback. It was a wording issue that caused the misunderstanding which is now fixed :)

Reply
author avatar

England's Adviser On The Commercialization And Sexualisation Of Childhood Finds Website Hacked, Blames Everyone | CB Smithwick

Jul 25, 2013

[...] capture a link, blames Staines for hacking her when she had an insecure website (it looks to be an ImageManager hack), and generally Barbra Streisands all over the place. That Staines comes out looking like the good [...]

Reply

Start discussion