On December, 13 there has been a critical remote command execution vulnerability detected in Joomla!, that affected all CMS versions from 1.5 to 3.4.5.
In a nutshell, the vulnerability provides an opportunity for exploitation by remote code execution through the HTTP user agent.Immediately after the vulnerability was announced we have applied a defense to protect our clients.
All Joomla! users need to update to the latest available CMS version.
For those using the 3.x versions we strongly recommend that you immediately update to the latest available 3.4.6. version.
If you are using Joomla! 1.5 or 2.5, you will be able to apply the necessary hotfixes: Security hotfixes for Joomla EOL versions.