• Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.4.4 through 3.6.3
  • Exploit type: Account Modifications
  • Reported Date: 2016-October-26
  • Fixed Date: 2016-October-25
  • CVE Number: CVE-2016-9081

Description

Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Joomla! Security Strike Team
Rate this post
Брой прочитания на тази страница: 1158
[20161003] – Core – Account Modifications
Tagged on:

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *