Source: Security hotfixes for Joomla EOL versions – Joomla! Documentation
The Joomla project has just released Joomla 3.4.6 to address a Critical Vulnerability.
The vulnerability is also present in discontinued Joomla 2.5 and 1.5 series (Joomla 1.0 is ok). If you still have sites running off these old Joomla versions you must patch them appropriately.
For these old versions, a simply file replacement is all that is needed.
2020Media will happily undertake this replacement for any Joomla user, whether they are a customer or not. Please let us know if we can help by contacting us.