Joomla has just issued a patch that fixes a SQL injection vulnerability discovered by a researcher at Trustwave SpiderLabs.
The flaw allowed malicious users to extract a browser cookie assigned to a Joomla site administrator, giving them access to restricted parts of a Joomla site.
The flaw first appeared in Joomla 3.2, released in November, 2013. An estimated 2.8 million websites rely on Joomla. The Joomla team and the researcher who found the flaw recommend an immediate update to version 3.4.5.
https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html