View Previous Alerts

Alert (TA13-024A)

Content Management Systems Security and Associated Risks

Original release date: January 24, 2013 | Last revised: --

Systems Affected

Web-based Content Management Systems, specifically Joomla! installations.


This Alert was developed as a collaborative effort between Public Safety Canada and the U.S. Department of Homeland Security. This informational note is aimed to raise awareness of important cyber security practices in regard to content management systems, specifically Joomla! installations.


Compromised web servers are increasingly being utilized by malicious actors to carry out cyber attacks, such as distributed denial-of-service attacks against critical infrastructure companies around the world. These web servers offer increased networking and computing capacity compared with average user workstations, and are therefore a target of choice for malicious actors to build their attack infrastructure. For this reason, it is imperative to secure servers according to best practices, and thus limit their exposure to control by potentially malicious actors.

Specifically, the compromised servers running Content Management Systems (CMSs) are consistently targeted and leveraged to launch cyber attacks. CMSs are software suites that allow site administrators to easily manage the design, functionality, and operation of websites with minimal technical expertise. In recent years there has been an increase in the number of deployments of CMS software on the Internet. This has been fueled by popular open source projects which are freely available under General Public License (GPL) model. Unfortunately, some CMS web server operators are not following security best practices, exposing them and others to cyber security risks such as compromise and denial of service.

Joomla! is one of the most widely used CMSs in the world. It is PHP-based and allows rapid deployment of dynamic content on websites. It is recognized for its simplicity of deployment and usage while offering extensive features and plugins. However, like many other large software packages, Joomla! has been the subject of a number of vulnerabilities in recent years and, if left unpatched, can represent a risk for site owners, and any other Internet users.


The Canadian Cyber Incident Response Centre and US-CERT are aware of malicious actors exploiting unpatched CMS installations, primarily Joomla! installations, to gain control of web servers and launch distributed denial-of-service (DDoS) attacks against critical infrastructure organizations.


In general, web site administrators should strive to follow patching instructions from their software providers. Additional security practices and guidance are made available by community efforts such as The Open Web Application Security Project (OWASP) and US-CERT's Technical Information Paper TIP-12-298-01 on Website Security.

Joomla! and other CMS packages regularly update their software as vulnerabilities are reported and patches are developed. The National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) provides assessments of such vulnerabilities, accompanied by links to specific remediation activities for users and administrators to follow.

Specifically, administrators of Joomla! CMS servers should ensure their installation includes the latest software version available. Additionally, administrators should consider guidance found under the Joomla! community security section and review the following best practices:


Revision History

This product is provided subject to this Notification and this Privacy & Use policy.

Document Feedback

Was this document helpful?  Yes  |   Somewhat  |   No