The Hacker News Logo
Subscribe to Newsletter

Joomla Joomla! Two Critical Flaws Discovered — Update to Protect Your Site

joomla-security-update
Joomla – the world's second popular open source Content Management System (CMS) software packages, has just released the latest version of its CMS, which includes patches for two critical security vulnerabilities and a bug fix.

The two critical flaws, both exist in the Joomla Core functionalities, include Account Creation Vulnerability (CVE-2016-8870) and Elevated Privileges flaw (CVE-2016-8869) that, if unpatched, could put millions of websites that run on Joomla at risk.

The account creation bug could allow any user to register on a website, even if the registration process has been disabled, while the elevated privileges flaw could enable users to perform advanced functions on a registered site that ordinary users are not authorized to do.

Both the critical vulnerabilities affect Joomla version 3.4.4 through 3.6.3. The update also includes a bug fix for Two-Factor Authentication.

Millions of websites used in e-commerce and other sensitive industries used Joomla, including big brand services such as McDonalds, Linux.com, General Electric, and major news sites.

So, Joomla administrators are recommended to quickly update their websites to the updated version 3.6.4 of the CMS immediately.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.