Joomla, a popular free and open-source content management system, just released version 3.6.4 that fixed two critical vulnerabilities: [CVE-2016-8870] - Core - Account Creation: attackers can exploit this vulnerability to create any account in a Joomla system regardless of whether its registration has been disabled. [CVE-2016-8869] - Core - Elevated Privileges: with the vulnerability above, an attacker not only can register an account in a vulnerable system, but also register with the highest privilege ...

Read More...