- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.0.0 through 3.6.4
- Exploit type: Shell Upload
- Reported Date: 2016-October-26
- Fixed Date: 2016-December-06
- CVE Number: CVE-2016-9836
Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.
Joomla! CMS versions 3.0.0 through 3.6.4
Upgrade to version 3.6.5
The JSST at the Joomla! Security Centre.
Reported By: Xiphos Research Ltd.