FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Joomla! -- multiple vulnerabilities

Affected packages
3.4.4 <= joomla3 < 3.6.4

Details

VuXML ID a27d234a-c7f2-11e6-ae1b-002590263bf5
Discovery 2016-10-25
Entry 2016-12-22

The JSST and the Joomla! Security Center report:

[20161001] - Core - Account Creation

Inadequate checks allows for users to register on a site when registration has been disabled.

[source]

[20161002] - Core - Elevated Privilege

Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.

[source]

[20161003] - Core - Account Modifications

Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

[source]

References

CVE Name CVE-2016-8869
CVE Name CVE-2016-8870
CVE Name CVE-2016-9081
URL https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
URL https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html
URL https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html
URL https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.