- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 3.4.4 through 3.6.3
- Exploit type: Account Modifications
- Reported Date: 2016-October-26
- Fixed Date: 2016-October-25
- CVE Number: CVE-2016-9081
Description
Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.
Affected Installs
Joomla! CMS versions 3.4.4 through 3.6.3
Solution
Upgrade to version 3.6.4
Contact
The JSST at the Joomla! Security Centre.
Reported By: Joomla! Security Strike Team