joomla/joomla-cms

joomla/joomla-cms

Releases595

Frequency1 week 2 days

Last Release 9 days ago

Stars5.09K

Home of the Joomla! Content Management System

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2016-8870 ↗	Nov 4, 2016Friday, 4 November 2016, 21:59	—	6.8 MEDIUM
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
CVE-2016-8869 ↗	Nov 4, 2016Friday, 4 November 2016, 21:59	—	7.5 HIGH
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
CVE-2013-5576 ↗	Oct 9, 2013Wednesday, 9 October 2013, 14:54	—	6.8 MEDIUM
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.