Search This Blog

Saturday, October 29, 2016

Joomla – From No One to the Highest Privilege

Joomla, a popular free and open-source content management system, just released version 3.6.4 that fixed two critical vulnerabilities:
  • [CVE-2016-8870] - Core - Account Creation: attackers can exploit this vulnerability to create any account in a Joomla system regardless of whether its registration has been disabled.
  • [CVE-2016-8869] - Core - Elevated Privileges:  with the vulnerability above, an attacker not only can register an account in a vulnerable system, but also register with the highest privilege – Administrator.
We took a deeper dive to see how these exploits tick and would like to congratulate Davide Tampellini on his first CVE discovery.

Fortinet Blog

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.