Fwd: AcyMailing - Security updates reminder


Dorothy Firsching

Aug 30, 2023, 12:01:05 PM
to novaj...@googlegroups.com
SERIOUS security issue that demands your attention if you use AcyMailing!
Mysites alerted me to this on Monday evening.

Dorothy


Subject: AcyMailing - Security updates reminder
Date: Wed, 30 Aug 2023 03:38:27 +0000
From: AcyMailing Team <j...@acymailing.com>
Reply-To: AcyMailing Team <sup...@acyba.com>


Major security updates

Over the past few days, some of you have alerted us to our lack of communication regarding the security problem between versions 6.7.0 and 8.4.6, which we have since resolved. I apologise on behalf of the team if any of you have felt aggrieved.


As a reminder, this security issue concerned thumbnail generator templates.


First of all, I urge you to update your Joomla plugin to the latest version.


This vulnerability could allow the creation of malicious PHP files through our templates thumbnail generator. Once created, these files can provide an attacker full access to your website including all Joomla files, database credentials in the configuration.php file and your database content including user rows.


We have written an article available on our blog to help you detect and resolve the problem if your site has been attacked: https://www.acymailing.com/acymailing-security-update-%f0%9f%94%90-v8-5-0/


Once again, I urge you to update your plugin (free and paid versions).


Our support team will also be happy to help you resolve any problems you may have.


I would like to thank Bug Bounty Switzerland, David Jardin (Head of the Joomla security team) and Sigrid Gramlinger (Joomla release team lead) for their help in detecting and resolving these security flaws.

 

Jean-Baptiste B.
CEO

Dorothy Firsching
Dorothy Firsching, PMP
Ursa Major Consulting, LLC
9536 Stevebrook Road
Fairfax, VA  22032
phone (703) 425-6236
fax (703) 345-9354

Lisa Keyser

Aug 30, 2023, 12:36:08 PM
to novaj...@googlegroups.com
This actually affected one of my websites; I also got the "site hacked" notice through MySitesGuru and was able to delete the offending file and update AcyMailing. What a pain that they didn't alert people earlier, though. And this was with pretty decent firewall protection via Akeeba Admin Tools.

Lisa M. Keyser
Owner | Principal
LMK Web Design & Consulting

http://lmkwebdesign.com
li...@lmkwebdesign.com
571-384-8844


--
NoVAJoomla is not affiliated with or endorsed by the Joomla! Project or Open Source Matters. The Joomla! logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.