New security vulnerability affects 1 in 20 Joomla websites
Tuesday, 28 January 2014 / Blog
On Friday, the developer of the popular Breezing Forms add-on for Joomla announced a serious vulnerability affecting version 1.7.5 (build 762) and earlier.
Based on our research, we expect that about 1 in every 20 Joomla websites is affected by this vulnerability.
Thus, we recommend that you check each and every one of your Joomla installs for this version of Breezing Forms.
Pro tip: Watchful users can search all their sites at once to quickly identify any sites with Breezing Forms along with the installed version.
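If you have filesystem access to your sites, the version check recommended above can also be scripted. The following is an added example, not code from Watchful or the Breezing Forms developer. It assumes the component is installed under the usual Joomla path administrator/components/com_breezingforms and that its XML manifest carries the version in a `<version>` element formatted like "1.7.5 (build 762)"; the manifest file name used in the sample is constructed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: standard Joomla component location for "com_breezingforms".
COMPONENT_DIR = Path("administrator/components/com_breezingforms")
LAST_AFFECTED = ((1, 7, 5), 762)  # advisory: 1.7.5 (build 762) and earlier


def parse_version(text):
    """'1.7.5 (build 762)' -> ((1, 7, 5), 762); build is None if absent."""
    num = re.search(r"\d+(?:\.\d+)*", text or "")
    if not num:
        return None
    parts = tuple(int(p) for p in num.group().split("."))
    parts += (0,) * (3 - len(parts))  # pad "1.7" to (1, 7, 0)
    build = re.search(r"build\D*(\d+)", text, re.I)
    return parts, int(build.group(1)) if build else None


def is_affected(version):
    parts, build = version
    if parts != LAST_AFFECTED[0]:
        return parts < LAST_AFFECTED[0]
    # Same release: a missing build number is treated as affected.
    return build is None or build <= LAST_AFFECTED[1]


def check_site(site_root):
    """Return (status, raw_version) for one Joomla document root."""
    for manifest in sorted((Path(site_root) / COMPONENT_DIR).glob("*.xml")):
        try:
            root = ET.parse(manifest).getroot()
        except ET.ParseError:
            continue
        raw = root.findtext("version")
        # Joomla 1.5 manifests use <install>, 1.6+ use <extension>.
        if root.tag in ("extension", "install") and raw:
            version = parse_version(raw)
            if version is None:
                return "unknown", raw
            return ("AFFECTED" if is_affected(version) else "ok"), raw
    return "not installed", None


if __name__ == "__main__":
    # Constructed sample trees; real use passes actual document roots.
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in [("shop", "1.7.5 (build 762)"), ("blog", "1.8.2")]:
            d = Path(tmp, name, COMPONENT_DIR)
            d.mkdir(parents=True)
            (d / "manifest.xml").write_text(f"<extension><version>{ver}</version></extension>")
            print(name, *check_site(Path(tmp, name)))
```

A site reported as "unknown" has a manifest whose version string could not be parsed and should be checked by hand.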
If any of your sites are affected, please patch the vulnerability using the steps outlined below.
REGULAR 1.7.5 UPGRADE INSTRUCTIONS
- Download and extract the patch provided by the developer. This will reveal a number of ZIP files and some folders.
- Apply the patch using the instructions in the BREEZINGFORMS-UPDATE-README.txt file as follows:
  - Back up your website files and database.
  - Copy the contents of the folder "component-files" using an FTP client to your web folder, just like you would do a Joomla! FTP update.
  - (Re-)install the plugin and module if you are using one of these.
  - Clear your browser cache (important for backend).
  - If you use assets like email templates, PDF templates and themes, then you'll find them in the /media/breezingforms/ folder after upgrading. The old paths to these assets won't work from this build on! This is necessary as the upcoming BreezingForms version 1.8 will skip the FTP based upgrade procedure.
UPGRADING INSTRUCTIONS FROM JOOMLA 1.5 TO 1.6/1.7/2.5
- Do a fresh install of BreezingForms.
- Then, in your 1.5 site, export your forms with BreezingForms' form exporter (under Configuration) and import the forms on the Joomla! 1.6/1.7/2.5 site.
- After importing, save each of your forms once to re-create the validation IDs (not required for Classic Mode forms).
- Add your menu items, module positions and plugin like in Joomla! 1.5.
1.8 LITE UPGRADE INSTRUCTIONS
Download the latest version and install as normal.
1.8 FULL UPGRADE INSTRUCTIONS
Please download the update from the membership area on http://crosstec.de/ and install as normal.