Joomla Joomla! Two Critical Flaws Discovered — Update to Protect Your Site
Oct 25, 2016
Joomla – the world's second popular open source Content Management System (CMS) software packages, has just released the latest version of its CMS, which includes patches for two critical security vulnerabilities and a bug fix. The two critical flaws, both exist in the Joomla Core functionalities, include Account Creation Vulnerability ( CVE-2016-8870 ) and Elevated Privileges flaw ( CVE-2016-8869 ) that, if unpatched, could put millions of websites that run on Joomla at risk. The account creation bug could allow any user to register on a website, even if the registration process has been disabled, while the elevated privileges flaw could enable users to perform advanced functions on a registered site that ordinary users are not authorized to do. Both the critical vulnerabilities affect Joomla version 3.4.4 through 3.6.3. The update also includes a bug fix for Two-Factor Authentication. Millions of websites used in e-commerce and other sensitive industries used Joomla,