Joomla!@3.6.4 Security Vulnerabilities and Issues — Joomla!@3.6.4 CVE List

Lucene search

JoomlaJoomla!3.6.4

3 matches found

CVE•added 2016/12/16 9:59 a.m.•209 views

CVE-2016-9838

An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and ...

7.5CVSS8.4AI score0.02871EPSS

Web

CVE•added 2016/12/05 5:59 p.m.•84 views

CVE-2016-9836

The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally, J...

9.8CVSS9.4AI score0.00374EPSS

CVE•added 2016/12/16 9:59 a.m.•70 views

CVE-2016-9837

An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?op...

7.5CVSS8.2AI score0.0001EPSS

Web