Joomla.org Security Announcements

Project: Joomla!
SubProject: CMS
Severity: High
Versions: 1.6.0 through 3.6.4
Exploit type: Elevated Privileges
Reported Date: 2016-November-04
Fixed Date: 2016-December-06
CVE Number: CVE-2016-9838

Description

Incorrect use of unfiltered data stored to the session on a form validation failure allows existing user accounts to be modified, including resetting their username, password, and user group assignments.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.4

Solution

Upgrade to version 3.6.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: Andreev Ivan
