There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla! platform.
Where to Start
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 1.6.0 through 3.6.4
- Exploit type: Elevated Privileges
- Reported Date: 2016-November-04
- Fixed Date: 2016-December-06
- CVE Number: CVE-2016-9838
Description
Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.
Affected Installs
Joomla! CMS versions 1.6.0 through 3.6.4
Solution
Upgrade to version 3.6.5
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 3.4.4 through 3.6.3
- Exploit type: Account Modifications
- Reported Date: 2016-October-26
- Fixed Date: 2016-October-25
- CVE Number: CVE-2016-9081
Description
Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.
Affected Installs
Joomla! CMS versions 3.4.4 through 3.6.3
Solution
Upgrade to version 3.6.4
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 3.4.4 through 3.6.3
- Exploit type: Elevated Privileges
- Reported Date: 2016-October-21
- Fixed Date: 2016-October-25
- CVE Number: CVE-2016-8869
Description
Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.
Affected Installs
Joomla! CMS versions 3.4.4 through 3.6.3
Solution
Upgrade to version 3.6.4
Contact
The JSST at the Joomla! Security Centre.