Joomla's developers have released a fix to critical SQL injection vulnerability in the 3.2.3 update, but still are coming under fire for taking a month to address the issue. According to ThreatPost, researchers at Sucuri have associated the SQL fix with a month-old vulnerability that was described at exploit-db.com.
The Scip vulnerability database provides this description: “Affected by this issue is an unknown function of the file /index.php/weblinks-categories.
"The manipulation of the argument id with the input value 0%20%29%20union%20select%20password%20from%20%60k59cv_users%60%20--%20%29 leads to a sql injection vulnerability. Impacted is confidentiality, integrity, and availability.”
So patch your Joomlas!