Two critical account creation vulnerabilities have been addressed on Tuesday in the Joomla content management system (CMS) with the release of version 3.6.4. One of the flaws, identified as CVE-2016-8870, allows an attacker to register on a website even if registration has been disabled. The security hole, affecting the Joomla core in versions 3.4.4 through…