On 14 December 2015, the Joomla project announced a new security vulnerability affecting all current versions of Joomla 1.5 through 3.4.5. This vulnerability has been detected in the wild, has been fully documented publicly, and remains an active threat to the security and integrity of most Joomla websites.


I think Watchful* has the best (simple) explanation and patch files for Joomla 1.5 and 2.5 which you can install via the administrator. Please click below to view the details on their site. 

Read details and find patch

If you want to read more about why this is such a big deal, check the article on Sucuri and read the comments.

*I used a sentence from the Watchful website in this article because it's just perfect.