Important Information Regarding Joomla Vulnerability (CVE-2016-8869 and CVE-2016-8870)

Publish Time: 2016-11-02 00:00:00 UTC+8

Last Updated: 2016-11-02 12:00:00 UTC+8

Severity: Critical

Status: Resolved

Description

Two vulnerabilities of Joomla (CVE-2016-8869 and CVE-2016-8870) that allow remote users to increase their privileges and create accounts on any Joomla site have been revealed.

Severity

Critical

Update Availability

To fix the security issues, please go to DSM > Package Center, install the latest version 3.6.4 of Joomla to protect your Synology NAS from malicious attacks.

References

https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html
http://thehackernews.com/2016/10/joomla-security-update.html