Today I had one of my clients hacked with a recent exloit of the Joomla 1.5.x family. The exploit allows you to easily reset the first user password which usually is the administrator user. After some digging I could find how to reproduce the exploit and guess what, even a 5 years old could perform that. It’s so simple that’s scary.
Anyway if you are currently using Joomla 1.5.x you should upgrade it to 1.5.6.