Dear C F β,
Over the past few days, some of you have alerted us to our lack of communication regarding the security problem between versions 6.7.0 and 8.4.6, which we have since resolved. I apologise on behalf of the team if any of you have felt aggrieved.
As a reminder, this security issue concerned thumbnail generator templates.
First of all, I urge you to update your Joomla plugin to the latest version.
This vulnerability could allow the creation of malicious PHP files through our templates thumbnail generator. Once created, these files can provide an attacker full access to your website including all Joomla files, database credentials in the configuration.php file and your database content including user rows.
We have written an article available on our blog to help you detect and resolve the problem if your site has been attacked: https://www.acymailing.com/acymailing-security-update-%f0%9f%94%90-v8-5-0/
Once again, I urge you to update your plugin (free and paid versions).
Our support team will also be happy to help you resolve any problems you may have.
I would like to thank Bug Bounty Switzerland, David Jardin (Head of the Joomla security team) and Sigrid Gramlinger (Joomla release team lead) for their help in detecting and resolving these security flaws.
Jean-Baptiste B. CEO |