• Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.4.4 through 3.6.3
  • Exploit type: Account Modifications
  • Reported Date: 2016-October-26
  • Fixed Date: 2016-October-25
  • CVE Number: CVE-2016-9081

Description

Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Joomla! Security Strike Team