Menu
Critical account creation flaws patched in popular Joomla CMS

Critical account creation flaws patched in popular Joomla CMS

Developers urge users to update to Joomla 3.6.4 as soon as possible

The Joomla developers are warning website administrators to apply an update for the popular content management system that fixes two critical vulnerabilities.

The flaws are serious enough that the Joomla project released a prenotification about the planned update on Friday, urging everyone to be prepared to install it as soon as possible. This suggests that attacks targeting these vulnerabilities are expected to follow shortly.

Joomla 3.6.4, released Tuesday, fixes a high-priority flaw in the account creation component that could be exploited to create accounts on a Joomla-based website even if user registration has been disabled on it.

A second vulnerability patched in this update is described as a privilege escalation issue and allows users to register on a Joomla website with elevated privileges.

It's easy to see how these two vulnerabilities could be used by hackers to bypass important security controls and gain unauthorized access to websites.

A third bug was fixed in the encryption scheme used by the Joomla two-factor authentication system, although this is not marked as a vulnerability.

Joomla is the second most popular platform for building websites after WordPress, making it a favorite target for hackers. Last year, attackers started exploiting a critical Joomla vulnerability less than four hours after a patch was released for it.

While WordPress is used by many users to build personal blogs, Joomla is used primarily by companies to create complex public-facing and internal websites.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments