A remote command execution vulnerability has been exploited in the wild for 2 days before there was a patch available. The vulnerability affects all versions from 1.5 to 3.4.4. If you are using Joomla, you have to update it right now. This is a serious vulnerability that can be easily exploited and is already in the the wild. The attackers are doing an object injection via the HTTP user agent that leads to a full command execution. There will be unofficial fixes for the old (unsupported) versions of 2.5 and 3.5.x.”]
Source: https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html