Decription: Multiple vulnerabilities have been recently announced by the Joomla! developers.
- Information Disclosure - Inadequate ACL checks in the Beez3 com_content article layout override enables a user to view restricted content.
- Shell Upload - Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.
- Elevated Privileges - Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.
Affected versions: Joomla! CMS versions 3.0.0 through 3.6.4
Recommended action: Upgrade to version 3.6.5