The new Joomla release fixes a critical SQL injection vulnerability that could be exploited by attackers to access data in the database of any website running on versions 3.2 to 4.4.4. The flaw resides in the core module of the CMS, an attackers can exploit a code from a PHP file in the Adminstrator folder, that is vulnerable to the SQL injection, to steal a session key. An attacker could hijack the administrator session, exploit the main vulnerability, and then compromise the entire website.”]
Source: https://securityaffairs.co/wordpress/41376/security/new-joomla-release-3-4-5.html