Menu
Critical account creation flaws patched in popular Joomla CMS

Critical account creation flaws patched in popular Joomla CMS

Developers urge users to update to Joomla 3.6.4 as soon as possible

The Joomla developers are warning website administrators to apply an update for the popular content management system that fixes two critical vulnerabilities.

The flaws are serious enough that the Joomla project released a prenotification about the planned update on Friday, urging everyone to be prepared to install it as soon as possible. This suggests that attacks targeting these vulnerabilities are expected to follow shortly.

Joomla 3.6.4, released Tuesday, fixes a high-priority flaw in the account creation component that could be exploited to create accounts on a Joomla-based website even if user registration has been disabled on it.

A second vulnerability patched in this update is described as a privilege escalation issue and allows users to register on a Joomla website with elevated privileges.

It's easy to see how these two vulnerabilities could be used by hackers to bypass important security controls and gain unauthorized access to websites.

A third bug was fixed in the encryption scheme used by the Joomla two-factor authentication system, although this is not marked as a vulnerability.

Joomla is the second most popular platform for building websites after WordPress, making it a favorite target for hackers. Last year, attackers started exploiting a critical Joomla vulnerability less than four hours after a patch was released for it.

While WordPress is used by many users to build personal blogs, Joomla is used primarily by companies to create complex public-facing and internal websites.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments