Security Announcements
[20161003] - Core - Account Modifications
Project: Joomla!
SubProject: CMS
Severity: High
Versions: 3.4.4 through 3.6.3
Exploit type: Account Modifications
Reported Date: 2016-October-26
Fixed Date: 2016-October-25
CVE Number: CVE-2016-9081
Description

Incorrect use of unfiltered data allows existing user accounts to be modified, including resetting their username, password, and user group assignments.
Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4

Contact

The JSST at the Joomla! Security Centre.
Reported By: Joomla! Security Strike Team