Multiple Joomla! (<3.6.4) vulnerabilities fixed

      No Comments on Multiple Joomla! (<3.6.4) vulnerabilities fixed

Less than two days ago a security update for Joomla! was released. This release fixes two mayor security issues:

  • Inadequate checks allows for users to register on a site when registration has been disabled. Report on Joomla.org
  • Incorrect use of unfiltered data allows for users to register on a site with elevated privileges. Report on Joomla.org

If you are using one of the affected versions it is highly recommended to upgrade as fast as possible since this exploit is already being used in the wild.

Melvin Lammerts has written a in-depth post about these vulnerabilities including a PoC on Medium.com