Many Joomla Sites Hacked via Recently Patched Flaws

Less than 24 hours after Joomla released patches for a couple of critical account creation vulnerabilities, researchers noticed that malicious actors had already started exploiting the flaws in the wild.

Joomla announced on October 25 the availability of version 3.6.4 to fix two serious vulnerabilities: CVE-2016-8870, which allows attackers to create user accounts even if account registration is disabled, and CVE-2016-8869, a privilege escalation that allows hackers to gain administrator rights. A combination of these flaws can be exploited to upload a backdoor and gain complete control of vulnerable Joomla websites.
