Joomla Security Release 3.6.4

edited October 2016 in Miscellaneous Scripts

This is important to upgrade to. It is an important security fix that can allow accounts to be hijacked. Please see the updated information here

Posted: 27 Oct 2016 12:00 PM PDT
Severity: High
Versions: 3.4.4 through 3.6.3
Exploit type: Account Modifications
Reported Date: 2016-October-26
Fixed Date: 2016-October-25
CVE Number: CVE-2016-9081
Description

Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4

Tagged:
Kirkus

Comments

Sign In or Register to comment.