Saturday, October 29, 2016
Joomla – From No One to the Highest Privilege
Joomla, a popular free and open-source content management system, just released version 3.6.4, which fixes two critical vulnerabilities:
[CVE-2016-8870] - Core - Account Creation: attackers can exploit this vulnerability to create any account in a Joomla system, even when user registration has been disabled.
[CVE-2016-8869] - Core - Elevated Privileges: combined with the vulnerability above, an attacker can not only register an account on a vulnerable system, but also register it with the highest privilege – Administrator.
We took a deeper dive to see how these exploits tick and would like to congratulate Davide Tampellini on his first CVE discovery.