A fresh campaign from a known adversary is using a known flaw in the popular Joomla! CMS platform to carry out a large-scale phishing and spam operation, according to researchers. The Jmail Breaker attack leverages an old vulnerability in the CMS platform and a newly found flaw in mail module. The attacker injects a base64 string in the User Agent field in HTTP requests, then downloads the files and stores them in a specific path. The code tries to download specific files from Pastebin and stores the files in a designated path.
Source: https://threatpost.com/joomla-mail-flaw-exploited/142341/