The Joomla security team has fixed a highly critical zero-day bug, which allows an attacker to take full control of an affected site’s administration area.
The vulnerability affects Joomla versions 1.5 to 3.4.5, it involves an object injection vulnerability via the HTTP user agent that leads to a full remote command execution.
You can determine your Joomla version by logging into your administrator area, the version will be displayed either in the top right hand corner or at the bottom of your administrator panel.
This is a serious vulnerability that can be easily exploited and is already in the wild. If you are using Joomla, it is essential that you upgrade to the latest version
For EOL versions a patch has been provided which can be found at the link below, however we strongly recommend clients upgrade to the latest version as soon as possible.