Joomla! is one of the most widely used CMSs in the world. Joomla! has released updated version of CMS. This release of Joomla! pathed two critical security vulnerabilities and a bug fix for two-factor authentication.
Both critical flaws occurs in joomla core functionalities, first flaw is Account Creation vulnerability which could be exploited to create accounts on a Joomla-based website even if user registration has been disabled on it.
Other one is Elevated Privileges vulnerability, elevated privileges flaw could enable users to perform higher role functions on a registered site that ordinary users are not authorized to do.
A bug was fixed in the encryption scheme used by the Joomla two-factor authentication system, although this is not marked as a vulnerability.Both the critical vulnerabilities affect Joomla version 3.4.4 through 3.6.3.
Joomla is the second most popular platform for building websites after WordPress, millions of website is hosted on on joomla including e commerce and other big brand website.
Joomla administrators are advised to quickly update their websites to the updated version 3.6.4 of the CMS immediately.