Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 3.4.4 through 3.6.3
    • Exploit type: Account Modifications
    • Reported Date: 2016-October-26
    • Fixed Date: 2016-October-25
    • CVE Number: CVE-2016-9081

    Description

    Incorrect use of unfiltered data allows existing user accounts to be modified, including resetting their username, password, and user group assignments.

    Affected Installs

    Joomla! CMS versions 3.4.4 through 3.6.3

    Solution

    Upgrade to version 3.6.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Joomla! Security Strike Team

    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 3.4.4 through 3.6.3
    • Exploit type: Elevated Privileges
    • Reported Date: 2016-October-21
    • Fixed Date: 2016-October-25
    • CVE Number: CVE-2016-8869

    Description

    Incorrect use of unfiltered data allows users to register on a site with elevated privileges.

    Affected Installs

    Joomla! CMS versions 3.4.4 through 3.6.3

    Solution

    Upgrade to version 3.6.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Davide Tampellini

    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 3.4.4 through 3.6.3
    • Exploit type: Account Creation
    • Reported Date: 2016-October-18
    • Fixed Date: 2016-October-25
    • CVE Number: CVE-2016-8870

    Description

    Inadequate checks allow users to register on a site when registration has been disabled.

    Affected Installs

    Joomla! CMS versions 3.4.4 through 3.6.3

    Solution

    Upgrade to version 3.6.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Demis Palma

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 1.6.0 through 3.6.0
    • Exploit type: XSS Vulnerability
    • Reported Date: 2016-February-05
    • Fixed Date: 2016-August-03
    • CVE Number: Requested

    Description

    Inadequate escaping leads to an XSS vulnerability in the mail component.

    Affected Installs

    Joomla! CMS versions 1.6.0 through 3.6.0

    Solution

    Upgrade to version 3.6.1

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Dingjie (Daniel) Yang

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 1.6.0 through 3.6.0
    • Exploit type: ACL Violation
    • Reported Date: 2016-April-29
    • Fixed Date: 2016-August-03
    • CVE Number: Requested

    Description

    Inadequate ACL checks in com_content provide potential read access to data that should be restricted to users with the edit_own permission level.

    Affected Installs

    Joomla! CMS versions 1.6.0 through 3.6.0

    Solution

    Upgrade to version 3.6.1

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: T-Systems Multimedia Solutions