The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticated SQL injection on the com_contenthistory module (included by default) that allows for a full take over of the vulnerable site.

Directly from the Joomla announcement:

Joomla! 3.4.5 is now available. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability. We strongly recommend that you update your sites immediately. This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.4 release.

If you are a Joomla user, you have to patch your site now! If your site is behind our Website firewall (CloudProxy) you were already protected even before the disclosure via the Virtual Hardening / Patching engine, which focuses on generic SQLi attack vectors.

 

See technical details here.