This is actively being exploited at the moment, concerning a remote code injection in Mambo/Joomla installations. The exploit code searches for index.php?option=com_performs via google and uses a bug in performs.php to execute a remote php script.

As far as I know, this vulnerability is not yet fix...

[ more ]