Joomla released a new version of its CMS Thursday, 3,4,5, that addresses a critical SQL injection vulnerability that could have let attackers gain access to data in the backend of any site running the platform.