Security Warning Joomla 1.5.12 TinyMCE unauthorized file upload issue
We recently found that Joomla 1.5.12 (only that version) contains major security bug where unauthorized visitors can upload or delete image files from from inside the TinyMCE editor script without the need to login to the Joomla Administrator panel. This exploit allows hackers to be able to upload trojan hourses into /public_html/images/ folder and run them on user accounts taking full control over the website.
We immediately patched most Joomla 1.5.12 accounts on our servers, but there may be still ones that contain that bug. Please be advised and upgrade as soon as possible!
We are currently installing version in which this bug is fixed!
more on: Joomla Hosting