The essential news about content management systems and mobile technology.
Powered by Joocial, XT Search for Algolia, and SlimApps.

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 1.6.0 through 3.6.4
  • Exploit type: Elevated Privileges
  • Reported Date: 2016-November-04
  • Fixed Date: 2016-December-06
  • CVE Number: CVE-2016-9838

Description

Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.4

Solution

Upgrade to version 3.6.5

Contact

The JSST at the Joomla! Security Centre....

Reported By: Andreev Ivan

Read more