Joomla! v.3.x multiple vulnerabilities


Description: The Joomla! developers have recently announced multiple vulnerabilities.

  • Information Disclosure - Inadequate ACL checks in the Beez3 com_content article layout override enable a user to view restricted content.
  • Shell Upload - Inadequate filesystem checks allow files with alternative PHP file extensions to be uploaded.
  • Elevated Privileges - Incorrect use of unfiltered data stored to the session on a form validation failure allows existing user accounts to be modified, including resetting their username, password, and user group assignments.

Affected versions: Joomla! CMS versions 3.0.0 through 3.6.4

Recommended action: Upgrade to version 3.6.5
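
The following is an added example, not part of the advisory or of Joomla!'s code: a Python audit that walks an upload directory and reports files carrying alternative PHP extensions, the condition the Shell Upload item describes. The extension list and the sample file names are assumptions constructed for illustration; which extensions a server actually executes depends on its PHP handler configuration.

```python
import os
import tempfile

# Assumption: extensions that common web-server configurations hand to the
# PHP interpreter. The advisory does not list them; adjust to your server.
PHP_LIKE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7",
                       "phtml", "pht", "phar"}


def risky_segments(filename, extensions=PHP_LIKE_EXTENSIONS):
    """Return the PHP-like extension segments found in a file name.

    Every dot-separated segment after the first is checked, not only the
    last one, so a name such as 'logo.phtml.png' is reported as well.
    Trailing dots and spaces are ignored, and matching is case-insensitive.
    """
    parts = filename.lower().rstrip(". ").split(".")[1:]
    return [p for p in parts if p in extensions]


def audit_tree(root, extensions=PHP_LIKE_EXTENSIONS):
    """Walk root and return sorted (relative_path, matched_segments) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hits = risky_segments(name, extensions)
            if hits:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), hits))
    return sorted(findings)


def demo():
    """Audit a constructed upload tree built in a temporary directory."""
    sample = ["banner.jpg", "docs/report.pdf", "gallery/thumb.pht",
              "gallery/logo.phtml.png", "avatars/me.PHP5", "notes.php.txt"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("placeholder\n")
        return audit_tree(root)


if __name__ == "__main__":
    for path, hits in demo():
        print(f"{path}: {', '.join(hits)}")
```

Point `audit_tree` at directories that should hold only uploaded media, since the rest of a Joomla! installation legitimately contains `.php` files.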

Origin URLs:
