It looks like you're new here. If you want to get involved, click one of these buttons!
This is important to upgrade to. It is an important security fix that can allow accounts to be hijacked. Please see the updated information here
Posted: 27 Oct 2016 12:00 PM PDT
Versions: 3.4.4 through 3.6.3
Exploit type: Account Modifications
Reported Date: 2016-October-26
Fixed Date: 2016-October-25
CVE Number: CVE-2016-9081
Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.
Joomla! CMS versions 3.4.4 through 3.6.3
Upgrade to version 3.6.4