If only textual content needs to change in the body of any of the pages, you might consider a home-grown solution. Installing any CMS for something so small would be in my opinion smashing an ant with a hammer. It can be done, but it’s much more than is needed.
The way it works is the php file loads the template and then pulls the body either from a flat file or from the database. On the backend, the person making the changes chooses which page to edit and then makes the necessary changes in richtext editor, like CKEditor or similar opensource(free) editor.
There’s a couple reasons I suggest this:
First, security through obscurity is very successful, no matter what anyone will tell you. The majority of exploit attempts are done by people that don’t have a firm grasp on what they’re doing and use prebuilt scripts that run and look for known scripts that are unpatched. To give you an idea of what I mean, here’s a screenie from one of my projects. The URLs you’re seeing is a script looking for an unpatched WYIWYG editor in a couple hundred popular directory locations. I see this 10 to 20 times a day for different applications and my site has almost zero legitimate traffic. Imagine how many malicious bots are crawling well known and more popular sites.
I’m confident that if you checked your server logs, you would find the same type of traffic right before your script was used to upload that file.
In my case, everything is homegrown and when I see stuff like this, I will add the filename to a autoban list. The next time a script starts looking for that file, the IP gets dropped to a banlist so the server won’t waste any more resources on them loading a dynamic page each time. I’m not in any hurry to do it because I know that the bot will never find a match, since everything was written by myself and the bots have never been written to handle this system.
The second reason I suggest this approach is that your site doesn’t seem to require one of the mammoth frameworks that exist. It will do what you want, but you’ll forever be tied to updating the system to stay secure as opposed to a very small editing script that has hundreds of thousands less line of code to find exploits in and that nobody has ever seen the source code to.
Oddz has already mentioned that you would either need to learn to write php, or find someone to hire to do it. I’ve seen websites devoted to matching clients and scripters, like classifieds for scripts. That might be an option for you or you could find someone local to you. I think the up front cost would be worth not having to worry about when Joomla or similar issues a security update.